ABSTRACT

This thesis presents a polynomial time algorithm for the basic question of Galois theory, 
checking solvability by radicals of a monic irreducible polynomial over the integers. It also 
presents polynomial time algorithms for factoring polynomials over algebraic number fields, 
for computing blocks of imprimitivity of roots of a polynomial under the transitive action of 
the Galois group on the roots of the polynomial, and for computing intersections of algebraic 
number fields. (In all of these algorithms it is assumed that the algebraic number field is 
given by a primitive element which generates it over the rationals, and that the polynomial 
in question is monic, with coefficients in the integers.) We also show how to express a root 
in radicals in terms of a straightline program in polynomial time. 

The techniques used include methods from computational complexity and approaches 
from the theory of finite permutation groups. The results presented here rely on the recent 
work of Lenstra, Lenstra, and Lovasz, in which a polynomial time algorithm for factoring 
polynomials over the integers is presented. 

Many questions remain. Our divide-and-conquer approach answers the question of 
solvability without revealing the nature of the group in question; we do not even learn its 
order. We suggest this as one of the many open problems that remain to be tackled.

Introduction



Every high school student knows how to express the roots of a quadratic equation in 
terms of radicals; what is less well-known is that this solution was found by the Babylonians 
a millennium and a half before Christ [Ne]. Three thousand years elapsed before European
mathematicians determined how to express the roots of cubic and quartic equations in 
terms of radicals, and there they stopped, for their techniques did not extend. Lagrange
published a treatise which discussed why the methods that worked for polynomials of degree 
less than five did not work for quintic polynomials [Lag], hoping to shed some light on 
the problem. Evariste Galois, the young mathematician who died in a duel at the age of 
twenty, solved it. In the notes he revised hastily the night before his death, he gave an 
algorithm which determines when a polynomial has roots expressible in terms of radicals. 
Yet of this algorithm, he wrote, "If now you give me an equation which you have chosen 
at your pleasure, and if you want to know if it is or is not solvable by radicals, I need do 
nothing more than to indicate to myself or anyone else the task of doing it. In a word, the 
calculations are impractical." [Ga]. 

They require double exponential time. Through the years other mathematicians - 
Zassenhaus, van der Waerden - developed alternate algorithms all of which, however, 
remained exponential. A major impasse was the problem of factoring polynomials, for until 
the recent breakthrough of Lenstra, Lenstra, and Lovasz [L³], all earlier algorithms had
exponential running time. Their algorithm, which factors polynomials over the rationals in
polynomial time, gave rise to a hope that some of the classical questions of Galois theory
might have polynomial time solutions. We answer that the basic question of Galois theory
- is a given polynomial, f(x), over the rationals solvable by radicals - has a polynomial time
solution. That is the main result of this thesis. 

Galois transformed the question of solvability by radicals from a problem concerning
fields to a problem about groups. What we do is to change the inquiry into several problems
concerning the solvability of certain primitive groups. Palfy has recently shown that the
order of a primitive solvable group of degree n is bounded by $24^{-1/3} n^c$ for a constant
c = 3.24399... [Pa]. We attempt to construct the Galois group of specified polynomials in
polynomial time. Each polynomial is constructed so that its Galois group acts primitively 
on its roots. If we succeed, we use an algorithm of Sims to determine if the groups in 
question are solvable. If any one of them is not, the Galois group of f(x) over Q is not 
solvable, and hence f(x) is not solvable by radicals. It may happen that we are unable to 
compute the groups within the time bound. Then we know that the group in question is not 
solvable, since it is primitive by construction, and primitive solvable groups are polynomially 
bounded in size. 

We first show that there is a polynomial time algorithm for factoring polynomials 
over algebraic number fields. We do this by using norms, a method due to Kronecker. 
We construct a tower of fields between Q and Q[x]/f(x), by determining elements $\rho_i$,
$i = 0, \dots, r+1$, such that $Q = Q(\rho_0) \subset Q(\rho_1) \subset \dots \subset Q(\rho_r) \subset Q(\rho_{r+1}) = Q[x]/f(x)$.
The tower of fields we find is rather special. If $g_{i+1}(y)$ is the minimal polynomial for $\rho_{i+1}$
over $Q(\rho_i)$, then the Galois group of $g_{i+1}(y)$ over $Q(\rho_i)$ acts primitively on the roots of
$g_{i+1}(y)$. The Galois group of f(x) over Q is solvable iff the Galois group of $g_{i+1}(y)$ over
$Q(\rho_i)$ is solvable for $i = 0, \dots, r$.

Using a simple bootstrapping technique, it is possible to construct the Galois group of 
$g_{i+1}(y)$ over $Q(\rho_i)$ in time polynomial in the size of the group and the length of description
of $g_{i+1}(y)$. Since the $\rho_i$ are determined so that the Galois group of $g_{i+1}(y)$ over $Q(\rho_i)$ acts
primitively on the roots of $g_{i+1}(y)$, if the group is solvable, it will be of small order. In that
case, we can compute a group table and verify solvability in polynomial time. If it is not
solvable, but it is of small order, we will discover that instead. Otherwise we will learn that
the Galois group of $g_{i+1}(y)$ over $Q(\rho_i)$ is too large to be solvable, and thus that f(x) is not
solvable by radicals over Q.

Our approach combines complexity and classical algebra. We start with a brief
introduction to background algebraic number theory in Chapter I. This sets the stage for the
algorithm for factoring polynomials over algebraic number fields presented in Chapter II.

Chapter III begins the discussion on solvability. The algorithmic paradigm of divide-
and-conquer finds a classical analogue in the group theoretic notion of primitivity. Galois 
established the connection between fields and groups; permutation group theory explains 
the connection between groups and blocks. Combining these ideas we present an algorithm 
to compute a polynomial whose roots form a minimal block of imprimitivity containing a 
root of f(x). 

We use this procedure in Chapter IV to succinctly describe a tower of fields between Q
and Q[x]/f(x). A simple divide-and-conquer observation allows us to convert the question of 
solvability of the Galois group into several questions of solvability of smaller groups. These 
are surprisingly easy to answer, giving us a polynomial time algorithm for the question of 
solvability by radicals. 

We discuss in Chapter V a method for expressing the roots of a solvable polynomial in 
terms of radicals. We present a polynomial time solution to this problem using a suitable 
encoding. The thesis concludes with a discussion of open questions.

A note to the reader: This thesis is self contained, but we do assume some knowledge 
of algebra. Background and proofs of classical results may be found in Samuel [Sa], van
der Waerden [vdW] or Wielandt [Wie]. In particular the results of Chapter I, §2, Chapter
II, §4 and Chapter III, §3 are more fully presented in Samuel, Chapter II, van der Waerden,
Chapter VIII, and Wielandt, Chapter I respectively. 



Chapter I 

Background 



1. Factoring Polynomials over the Integers 

Mathematicians have long sought efficient algorithms for factoring polynomials over the 
rationals. In 1793 Frederick von Schubert showed that the problem of factoring over the
integers was decidable [Kn]. If f(x) is the polynomial one desires to factor, Von Schubert's
idea was to compute f(1), f(2), ..., f(n) where n is the degree of f(x). Consider a possible
sequence d(1), ..., d(n) where d(i) divides f(i). A sequence defines a potential divisor of f(x),
which can be found by interpolation. All divisors of f(x) can be found in this way - if one 
has enough time. The algorithm is highly exponential. 

A polynomial is primitive if the greatest common divisor of its coefficients is 1. Gauss 
proved that if a primitive polynomial $f(x) \in Z[x]$ can be factored as the product of two
polynomials having rational coefficients, it can be factored as the product of two polynomials
having integer coefficients. Thus to decompose a polynomial $f(x) \in Q[x]$ into irreducible
factors is equivalent to factoring a primitive polynomial in Z[x] into irreducible factors in
Z[x]. For the remainder of this thesis we will concern ourselves with monic polynomials
with integer coefficients. 

If one raises questions of efficiency, one must begin by asking how much space is required
to write down the factors of $f(x) = x^n + a_{n-1}x^{n-1} + \dots + a_0$. The answer is: not very much.
We present a simple bound here; a tighter result may be found in [Mi].

Suppose $\alpha$ is a root of f(x). Then $|\alpha| < 1 + \max_i |a_i|$ [Ma]. We let $[\![\alpha]\!] = \max_i |\alpha_i|$,
where the $\alpha_i$'s are the conjugates of $\alpha$ over Q. If g(x) is a divisor of f(x), the roots of g(x) are
a subset of the roots of f(x), and

$$g(x) = \prod_{\alpha_j \text{ a root of } g(x)} (x - \alpha_j).$$

If $g(x) = x^m + b_{m-1}x^{m-1} + \dots + b_0$, the $b_i$'s are integers, then

$$b_i = \sum_{\alpha_{j_k} \text{ a root of } g(x)} \alpha_{j_1} \cdots \alpha_{j_{m-i}}.$$



Thus $|b_i| < 2^n [\![\alpha]\!]^i < (2[\![\alpha]\!])^n$, which means that each $b_i$ can be expressed in $n(\log [\![\alpha]\!])$
digits. There are at most n factors of f(x), and each factor has at most n non-zero
coefficients; consequently the complete factorization of f(x) requires no more than
$n^3 \log(1 + \max_i |a_i|)$ space. The factorization of f(x) has polynomial size length. A
nondeterministic machine could guess the factorization and verify it by multiplying the factors
together to obtain f(x). It is clear that the verification can be done in polynomial time. 

Algorithms which were developed for factoring polynomials over the integers had
exponential running time. An important one which worked well on average was created by
Zassenhaus in 1969 [Za]. His idea was to factor f(x) mod p, for a carefully chosen prime
p, and then to lift the factorization to $p^k$ for a large integer k. (In 1969, Berlekamp [Be]
discovered an algorithm which factored a polynomial of degree n over Z/pZ in $O(n^3 p)$
steps.) The factorization mod $p^k$ is examined to give a factorization over the integers. This
may be hard as the following example illustrates. 

The polynomial whose roots are $\pm\sqrt{2} \pm \sqrt{3} \pm \sqrt{5} \pm \dots \pm \sqrt{p_n}$, $p_n$ a prime, factors into
linear or quadratic factors mod m for every integer m [Be2, p. 733]. If we consider a reducible
polynomial f(x) with roots in the above form, then factoring mod m gives no information 
on how to combine the linear and quadratic terms to yield a factorization of f(x) over the 
integers. 

Zassenhaus's algorithm has the problem that its worst case running time is exponential 
in the degree. For a time, it seemed it might be easier to check polynomial irreducibility 
than to factor. In 1979 Weinberger [Wei] showed that under the Generalized Riemann 
Hypothesis, testing irreducibility of polynomials is in polynomial time. In 1981 Cantor
[Can] proved that irreducible polynomials had succinct certificates.

These improvements had no effect on the worst case exponential running time for 
polynomial factorization. Finally, in 1982, Arjen Lenstra, Hendrik Lenstra and Laszlo
Lovasz announced an algorithm [L³] to factor $f(x) = a_m x^m + \dots + a_0 \in Z[x]$ into
irreducible factors over Z[x] in time

$$O(m^{9+\epsilon} + m^{7+\epsilon} \log^{2+\epsilon}(\textstyle\sum a_i^2)),$$

for any $\epsilon > 0$. Their algorithm incorporated several new ideas. As in previous
algorithms, they factored f(x) over Z/pZ for a suitably chosen p, and raised that
factorization to a factorization over $Z/p^kZ$. They then defined a lattice contained in
$Z + Zx + Zx^2 + \dots + Zx^{m-1}$ whose basis equals $\{ p^k x^i \mid 0 \le i < l \} \cup \{ h(x)x^i \mid 0 \le i < m - l \}$,
where h(x) is an irreducible factor of f(x) in $Z/p^kZ$, and deg h(x) = l. By finding a "small"
element in the lattice - using a basis reduction algorithm - they determine a factor of f(x).
The L³ algorithm brings many important algorithms into polynomial time. It is natural
to ask if their algorithm can be extended to larger domains. Two domains of interest are: 
transcendental extensions and algebraic extensions. In Chapter 2 we show how to factor 
polynomials over algebraic number fields in polynomial time. The remainder of this chapter 
is devoted to filling in the necessary background for that result. 

2. Sizes of Coefficients 

It is a simple matter to show that if g(x) divides f(x) in Z[x], then g(x) is polynomial
size as a function of f(x) to write down. The situation is only slightly more complex in the
case of algebraic number fields. First we recall some definitions. An element $\alpha$ is algebraic
over a field K iff $\alpha$ satisfies a polynomial with coefficients in K. An extension field L is
algebraic over a field K iff every element in L is algebraic over K. It is well known that
every finite extension of a field is algebraic; the finite extensions of Q are called the algebraic
number fields.

Every algebraic number field is expressible as $Q(\alpha)$ for a suitable $\alpha$. $Q(\alpha)$ is isomorphic
to Q[t]/g(t), where g(t) is the minimal (irreducible) polynomial for $\alpha$. In our algorithms
we will work with the number field in its formulation as Q[t]/g(t), although certain of our
proofs will be in terms of $Q(\alpha)$. Let the degree of g(t) be m. The conjugates of $\alpha$ are the
remaining roots of g(t): $\alpha_2, \dots, \alpha_m$; $\alpha$ can be thought of as $\alpha_1$. By the minimality of g(t),
these are all distinct. (Note that the fields $Q(\alpha_i)$ are all isomorphic.) Every element $\beta$ in
$Q(\alpha)$ can be expressed as $\beta = a_0 + a_1\alpha + \dots + a_{m-1}\alpha^{m-1}$, with the $a_i$'s $\in Q$; that is,
$Q(\alpha)$ is a vector space of dimension m over Q. This provides a third way to describe an
algebraic number field.

Suppose $\gamma = g_0 + g_1\alpha + \dots + g_{m-1}\alpha^{m-1}$ is an element in $Q(\alpha)$, and

$$\beta = b_{11} + b_{12}\alpha + \dots + b_{1m}\alpha^{m-1}$$
$$\beta\alpha = b_{21} + b_{22}\alpha + \dots + b_{2m}\alpha^{m-1}$$
$$\beta\alpha^{m-1} = b_{m1} + b_{m2}\alpha + \dots + b_{mm}\alpha^{m-1}$$

If we define a map from $Q(\alpha)$ to $Q(\alpha)$ by:

then the map corresponds to multiplication of the vector $(g_0, \dots, g_{m-1})$ by the matrix $(b_{ij})$.
If the matrices corresponding to $\beta$ and $\gamma$ are B and G, then $\beta + \gamma$ corresponds to B+G, and
$\beta\gamma$ corresponds to BG. The set of matrices generated in this way form a ring isomorphic to
$Q(\alpha)$. The matrix viewpoint is useful in analyzing certain algorithms. For example, that
we can quickly test linear independence over Q of a set of elements of a number field is
easily proved using these notions from linear algebra. Generally however, we will refer to a
number field as $Q(\alpha)$ or Q[t]/g(t).

It is convenient for us to consider a special class of algebraic numbers, the algebraic
integers. A number $\alpha$ is an algebraic integer iff it is a root of a monic polynomial over Z. Of course,
any polynomial over Q can be multiplied through by its common denominator, yielding a
(not necessarily monic) polynomial over Z. Suppose $\beta_1, \dots, \beta_m$ satisfy $h(x) = h_m x^m + \dots + h_0$,
where the $h_i$'s are in Z. Consider the following polynomial time transformation of h(x) into
a monic polynomial with integer coefficients:

$$= t^m + h_{m-1}t^{m-1} + \dots + h_m^{m-1}h_0$$

$$= g(t)$$

The roots of g(t), $h_m\beta_1, \dots, h_m\beta_m$, are all algebraic integers. For the remainder of this
discussion we assume $\alpha = \alpha_1, \alpha_2, \dots, \alpha_m$ are algebraic integers satisfying g(t), a monic
irreducible polynomial over Z.

The set of algebraic integers of $K = Q(\alpha)$ form a ring, frequently written $O_K$. This
ring is a natural extension of the integers, and many theorems about the integers can be
generalized for the number rings. Of significance to us is Gauss' Lemma. It states that if
f(x) is a polynomial in Z[x], f(x) can be factored as the product of two polynomials with
rational coefficients iff f(x) can be factored as the product of two polynomials with integer
coefficients, and can be generalized to:

Proposition 1.1: Let $f(x) \in K[x]$. Then f(x) factors as the product of two polynomials
with coefficients in K iff f(x) factors as the product of two polynomials with coefficients in
$O_K$.

If we factor f(x), a polynomial in a number ring, the factors of f(x) also lie in the
number ring. It is somewhat more complicated than it was in the case of the integers to
show that factors of f(x) over $O_K$ will have short descriptions. We do so now. First we
need to know what the ring of integers of an algebraic number field looks like. In general, 
computing a basis for the ring of integers of an algebraic number field is at least as hard as 
determining the squarefree part of an integer [Mar], and it may be as difficult as factoring. 
Fortunately it is not necessary to do. We observe the following proposition, whose proof 
appears in the appendix. 

Proposition 1.2: Let $\alpha$ be an algebraic integer satisfying g(t), a monic irreducible
polynomial over Z. The ring of algebraic integers of $Q(\alpha)$ is contained in $(1/d)Z[\alpha]$, where

$$d \mid \operatorname{disc}(g(t)) = \prod_{i<j} (\alpha_i - \alpha_j)^2.$$

If we factor a polynomial over $Z[\alpha][x]$, we are guaranteed that the coefficients of the
factors lie in $(1/d)Z[\alpha]$. In particular, if we show that an integer coefficient of a factor of
a polynomial in a number field is less than the integer "a" say, then the coefficient can be
written as b/d, where $|b| < |a||d|$. Thus bounding a coefficient in absolute value bounds it
in length of description. (That the number of digits needed to write down d is polynomial
in |g(t)| follows from the fact that $\operatorname{disc}(g(t)) = (-1)^{m(m-1)/2}\,\mathrm{Resultant}(g(t), g'(t))$ [Be, p. 161].
(The resultant is defined in Section 3.))

We consider the question of length in greater detail. If $g(t) = t^m + a_{m-1}t^{m-1} + \dots + a_0$,
$a_i$ in Z, then we define the size of g(t), $|g(t)| = 1 + \max_i |a_i|$. If $f(x) = \beta_n x^n + \dots + \beta_0$,
$\beta_i = \sum_{j=0}^{m-1} b_{ij}\alpha^j$, then the size of f(x), $[\![f(x)]\!] = (1 + \max_{i,j} |b_{ij}|)(1 + \max_i |a_i|)^m$. Note
that the size of f(x) in Q[x] includes the size of $\alpha$ as a factor. Following Weinberger
and Rothschild, we define the size of $\beta$, $[\![\beta]\!]$, to be the maximum of the absolute values
of the conjugates of $\beta$. We have defined size of polynomials differently from Weinberger
and Rothschild, but their proof bounding coefficient sizes of factors requires only minor
modification.

Theorem 1.3 [Weinberger and Rothschild]: Let $\beta$ be a root of $f(x) \in Z[\alpha][x]$, notation
as above. Then $[\![\beta]\!] < [\![f(x)]\!]$. Assume that f(x) is monic, and let

$$h(x) = h_r x^r + h_{r-1}x^{r-1} + \dots + h_0$$

be a factor of f(x) in $(1/d)Z[\alpha][x]$ which is primitive. If $h_i = (1/d)(c_{i,m-1}\alpha^{m-1} + \dots + c_{i0})$,
then $|c_{ij}| < m!\,[\![f(x)]\!]^n\,|g(t)|^{m^2}$.



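proof: It is not difficult to see that $[\![\alpha + \beta]\!] \le [\![\alpha]\!] + [\![\beta]\!]$, and that $[\![\alpha\beta]\!] \le [\![\alpha]\!][\![\beta]\!]$.

We have noted previously that $[\![\alpha]\!] < 1 + \max_i |a_i| = |g(t)|$. A similar argument shows
that

$$[\![\beta]\!] < 1 + \max_i [\![\beta_i]\!]$$
$$\le (1 + \max |b_{ij}|)(1 + \max |a_i|)^m$$
$$\le [\![f(x)]\!].$$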

Suppose h(x) | f(x) in $Q(\alpha)[x]$. By Proposition 1.1, $h(x) \in (1/d)Z[\alpha][x]$. Now h(x) =
JJ(i-ft), for some S C {l,...,n}. Then f/ij < (J)l/(x)l\ This in turn is bounded 

by $[\![f(x)]\!]^n$, since $2 < [\![f(x)]\!]$ and t < n. We have bounded $[\![h_i]\!]$ in absolute value, now we
seek to bound the integer coefficients of $h_i$.

If $\gamma \in Q(\alpha)$, $\gamma = \sum_{j=0}^{m-1} r_j\alpha^j$, $r_j \in Q$. Define $\gamma_i = \sum_{j=0}^{m-1} r_j\alpha_i^j$, and define a map
$L : C^m \to C^m$ by $L(r_0, \dots, r_{m-1}) = (\gamma_1, \dots, \gamma_m)$. Note that this map is invertible and linear.
It is invertible because it is a Vandermonde matrix formed from $\alpha_1, \dots, \alpha_m$. We have
$\det(L) = \operatorname{disc}(g(t))^{1/2}$. Let $|\gamma|_\infty = \max_i |\gamma_i|$, and $|r|_\infty = \max_i |r_i|$. Since all of the $r_i \in Q$,
$\gamma \in Q(\alpha)$, and $|\gamma|_\infty = [\![\gamma]\!]$. The action of L is multiplication by a matrix, which, by
abuse of notation, we also call L, $rL = \gamma$. Thus $r = \gamma L^{-1}$, and $|r|_\infty < |\gamma|_\infty |L^{-1}|_\infty$,
where $|L^{-1}|_\infty = \max(\sum |l_{ij}|)$. If $r_j = c_j/d$, then $|c_j| < d\,[\![\gamma]\!]\,|L^{-1}|_\infty$.



Next we bound $|L^{-1}|_\infty$. By expressing $L^{-1}$ in terms of cofactors of L, we find that
each entry of $L^{-1}$ is bounded by

$$\frac{(m-1)!\,[\![\alpha]\!]^{m(m-1)/2}}{|\det(L)|}$$

Therefore

$$|L^{-1}|_\infty < \frac{m!\,[\![\alpha]\!]^{m(m-1)/2}}{(\operatorname{disc}(g(t)))^{1/2}}$$

Thus 



m(m — 1) 



m(m — 1) 

A rough bound will do for us. We note that disc^i)) 1 ' 2 < JaJ 2 , and that [a] < \g{t)\. 
Thus, 

$$|c_j| < m!\,[\![f(x)]\!]^n\,|g(t)|^{m^2}$$



3. The Norm 

It is often easier to compute in the rationals than in the algebraic number fields, because 
of the rationals' simpler structure. A useful tool is the norm, which relates elements in the 
number fields to elements in Q. Let $Q(\alpha)$ be an algebraic number field, where $\alpha$ satisfies
g(t), an irreducible polynomial over Q, and let $\beta = a_0 + a_1\alpha + \dots + a_{m-1}\alpha^{m-1} \in Q(\alpha)$.
Then

$$\mathrm{Norm}(\beta) = N(\beta) = \prod_i (a_0 + a_1\alpha_i + \dots + a_{m-1}\alpha_i^{m-1})$$

If $\sigma_j$ is an element of the Galois group of g(t) over Q (see Chapter II, §4), then $\sigma_j(\alpha) = \alpha_j$,
where $\alpha_j$ is a conjugate of $\alpha$ over Q. Then

$$\sigma_j(N(\beta)) = \sigma_j\Big(\prod_i (a_0 + a_1\alpha_i + \dots + a_{m-1}\alpha_i^{m-1})\Big)$$
$$= \prod_i \sigma_j(a_0 + a_1\alpha_i + \dots + a_{m-1}\alpha_i^{m-1})$$
$$= \prod_i (a_0 + a_1\alpha_i + \dots + a_{m-1}\alpha_i^{m-1})$$

since $\sigma_j$ just permutes the $\alpha_i$'s; thus $N(\beta) \in Q$. The norm is multiplicative, i.e. $N(\gamma\beta) =
N(\gamma)N(\beta)$. We can think of a polynomial $f(x) \in Q(\alpha)[x]$ as a polynomial in two variables
x and $\alpha$, and denote it by $f_\alpha(x)$. It is quite natural to extend the definition of norm to
polynomials in $Q(\alpha)[x]$ by

If $f(x) \in Q(\alpha)[x]$, $N(f(x)) \in Q[x]$. Under appropriate hypotheses, a polynomial in $Q(\alpha)[x]$
can be factored by taking the norm of the polynomial, factoring the norm over the rationals,
and raising that to a factorization over the number field. This idea is due to Kronecker.
We examine these hypotheses in greater detail.

Theorem 1.4: Let $f(x) \in Q(\alpha)[x]$ be irreducible. Then N(f(x)) is a power of an
irreducible polynomial in Q[x].

proof: Suppose not. Then $N(f(x)) = C(x)D(x) \in Q[x]$, where C(x) and D(x) are
relatively prime. $N(f(x)) = \prod_i f_{\alpha_i}(x)$; therefore $f_\alpha(x)$ must divide C(x) or D(x) in
$Q(\alpha)[x]$. Without loss of generality, $f_\alpha(x) \mid C(x)$, which implies that there exists $g_\alpha(x) \in
Q(\alpha)[x]$ such that $f_\alpha(x)g_\alpha(x) = C(x)$. Let $\sigma : Q(\alpha)[x] \to Q(\alpha_i)[x]$ be an isomorphism. Then
$\sigma(C(x)) = C(x)$ since C(x) is in Q[x], but $\sigma(f_\alpha(x)) = f_{\alpha_i}(x)$ and $\sigma(g_\alpha(x)) = g_{\alpha_i}(x)$. Thus
we have $f_{\alpha_i}(x) \mid C(x)$ for all $\alpha_i$ which are conjugates of $\alpha$. Now C(x) and D(x) are relatively
prime. Therefore for all $\alpha_i$, $f_{\alpha_i}(x) \nmid D(x)$, which implies that $N(f(x)) = \prod_i f_{\alpha_i}(x) = C(x)$,
and consequently N(f(x)) is a power of an irreducible polynomial. ∎

Theorem 1.5: Let $f(x) \in Q(\alpha)[x]$ be such that N(f(x)) is squarefree. Then if $N(f(x)) =
\prod_i G_i(x)$ is a factorization into irreducible polynomials in Q[x], then $f(x) = \prod_i \gcd(f(x), G_i(x))$
is a factorization into irreducibles in $Q(\alpha)[x]$.

proof: Let $g_i(x) = \gcd(f(x), G_i(x))$. Then we need to show that each $g_i(x)$ is irreducible,
and that each irreducible factor of f(x) appears in $\prod_i g_i(x)$. Let h(x) be an irreducible factor
of f(x) in $Q(\alpha)[x]$. By Theorem 1.4, N(h(x)) is a power of an irreducible polynomial. But
$N(h(x)) \mid N(f(x))$, and N(f(x)) is squarefree; thus $N(h(x)) = G_i(x)$ for some i.

The norm is multiplicative; thus the norm of f(x) equals the products of the norms of
the irreducible factors of f(x). Each $G_i(x)$ is the norm of some irreducible factor of f(x).
The $G_i(x)$'s are all irreducible and distinct, which implies that the $g_i(x)$'s are all distinct
and irreducible. Since all the irreducible factors of f(x) appear as some $\gcd(f(x), G_i(x))$ we
are done. ∎

Our algorithm should now be clear. We begin with f(x). So long as N(f(x)) is 
squarefree, we factor it over the rationals, then compute gcd's to obtain a factorization 
over $Q(\alpha)[x]$. These steps - computing the norm, factoring over the rationals, and taking
gcd's - are all in polynomial time. The question of what to do if N(f(x)) is not squarefree
remains. Kronecker [Kr] observed that so long as f(x) has no repeated roots in $Q(\alpha)[x]$,
f(x) can be "twiddled" so as to make N(f(x)) squarefree. The proof we present is due to
Trager [Tr].

Lemma 1.6: Let $f(x) \in Q(\alpha)[x]$ be a squarefree polynomial of degree n, where $[Q(\alpha) :
Q] = m$. Then there are at most $n(n-1)m(m-1)$ integers s such that $N(f(x - s\alpha))$ is not squarefree.

proof: Instead we show that there are at most $n(n-1)m(m-1)$ integers s such that
$N(f(x - s\alpha))$ has a repeated root: this will immediately imply the result. Suppose that the
roots of f(x) are $\{\beta_i\}$, then the roots of $N(f(x - s\alpha))$ are $\{\beta_i + s\alpha_j\}$, where the $\alpha_j$'s are
conjugates of $\alpha$. Then $N(f(x - s\alpha))$ has a repeated root iff $\beta_i + s\alpha_j = \beta_k + s\alpha_l$, for some
$i \ne k$ or $j \ne l$. This would mean $s = (\alpha_j - \alpha_l)/(\beta_k - \beta_i)$. (We can divide, since f(x)
squarefree means that $\beta_i \ne \beta_k$ for $k \ne i$.) Clearly there are at most $n(n-1)m(m-1)$ such
s. ∎

The algorithm we have suggested to factor polynomials requires the computation of
norms. The coefficients of the norm are all symmetric functions in the $\alpha_i$, since $N(f(x)) =
\prod_i f_{\alpha_i}(x)$. The straightforward way of calculating takes exponential time. Fortunately
there is a way around this difficulty. (The discussion which follows on resultants is from
[vdW, § 5.8]; we include it for the sake of completeness.)

Let

$$h(x) = h_r x^r + h_{r-1}x^{r-1} + \dots + h_0$$
$$k(x) = k_s x^s + k_{s-1}x^{s-1} + \dots + k_0$$

for $h_i, k_j \in K$, a field.

We define the resultant,
$\mathrm{Res}_x(h(x), k(x)) =$

Observe that h(x) and k(x) have common divisor $\phi(x)$ iff there are polynomials j(x), l(x)
where

$$h(x)j(x) = k(x)l(x)$$

and deg(j(x)) < s, deg(l(x)) < r. In this case, $\mathrm{Res}_x(h(x), k(x)) = 0$, since the r + s rows
of the resultant are not linearly independent. The resultant also vanishes if $k_s = h_r = 0$.
These are the only times the resultant vanishes. Let

$$h(x) = h_r(x - \alpha_1)\cdots(x - \alpha_r)$$

$$k(x) = k_s(x - \beta_1)\cdots(x - \beta_s).$$

We view the coefficients of h(x), $h_\mu$, as symmetric functions in the variables $\alpha$'s, and
the coefficients of k(x), $k_\nu$, as symmetric functions in the variables $\beta$'s. The resultant is
homogeneous of degree s in the $h_\mu$, and of degree r in the $k_\nu$. Then $R(x) = \mathrm{Res}_x(h(x), k(x))$
is equal to $h_r^s k_s^r$ times a symmetric function of the $\alpha_i, \beta_j$. If we consider the roots $\alpha_i, \beta_j$ as
indeterminates $x_i, y_j$, the polynomial k(x) vanishes for $x_i = y_j$, since in this case h(x) and
k(x) have a linear factor in common. Because the linear forms $x_i - y_j$ are relatively prime
to one another, R(x) must be divisible by the product

i 3 

Now $k(x) = k_s \prod_j (x - y_j)$. If we substitute $x = x_i$, we see that:

$$\prod_i k(x_i) = k_s^r \prod_i \prod_j (x_i - y_j).$$

Therefore $T = h_r^s \prod_i k(x_i) = (-1)^{rs} k_s^r \prod_j h(y_j)$, and $\mathrm{Res}_x(h(x), k(x)) = h_r^s \prod_i k(\alpha_i)$, where
the $\alpha_i$ are roots of h(x). Then

$$N(f(x)) = \prod_i f_{\alpha_i}(x) = \mathrm{Res}_t(g(t), f(x, t))$$

where f(x, t) is f(x) with t's substituted in for $\alpha$'s.

We have introduced the resultant because it is a computationally efficient way to 
compute the norm. We now have almost all the tools necessary to factor polynomials over
algebraic number fields. In the next section, we examine gcd algorithms; then we will be 
ready to factor polynomials over algebraic number fields. 
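
As an added illustration (not code from the thesis), the following Python sketch computes the norm as a resultant and carries out the squarefree shift of Lemma 1.6 on a constructed input, $\alpha = \sqrt{2}$ with g(t) = t^2 - 2 and f(x) = x^2 - 2. It evaluates the Sylvester determinant at integer points and interpolates, a choice made here for brevity; all function names are this example's own.

```python
from fractions import Fraction  # polynomials over Q: coefficient lists, lowest degree first

def trim(p):
    p = [Fraction(a) for a in p]
    while len(p) > 1 and p[-1] == 0:
        p.pop()
    return p

def add(p, q):
    n = max(len(p), len(q))
    p, q = list(p) + [0] * (n - len(p)), list(q) + [0] * (n - len(q))
    return trim(a + b for a, b in zip(p, q))

def mul(p, q):
    out = [Fraction(0)] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return trim(out)

def rem(p, q):  # remainder of p on division by a nonzero q
    p, q = trim(p), trim(q)
    while len(p) >= len(q) and p != [0]:
        k, shift = p[-1] / q[-1], len(p) - len(q)
        for i, b in enumerate(q):
            p[i + shift] -= k * b
        p = trim(p)
    return p

def gcd(p, q):  # Euclid's algorithm in Q[x]
    p, q = trim(p), trim(q)
    while q != [0]:
        p, q = q, rem(p, q)
    return p

def deriv(p):
    return trim([i * a for i, a in enumerate(p)][1:] or [0])

def det(rows):  # Gaussian elimination over Q
    m = [[Fraction(v) for v in row] for row in rows]
    n, d = len(m), Fraction(1)
    for c in range(n):
        piv = next((r for r in range(c, n) if m[r][c] != 0), None)
        if piv is None:
            return Fraction(0)
        if piv != c:
            m[c], m[piv], d = m[piv], m[c], -d
        d *= m[c][c]
        for r in range(c + 1, n):
            k = m[r][c] / m[c][c]
            for j in range(c, n):
                m[r][j] -= k * m[c][j]
    return d

def resultant(g, p, s):
    # Sylvester determinant; p is padded to formal degree s (harmless for monic g).
    r = len(g) - 1
    gh, ph = list(g[::-1]), [0] * (s + 1 - len(p)) + list(p[::-1])
    rows = [[0] * i + gh + [0] * (s - 1 - i) for i in range(s)]
    rows += [[0] * i + ph + [0] * (r - 1 - i) for i in range(r)]
    return det(rows)

def norm_at(g, h, c, x0):
    # N(h(x0 - c*alpha)) = Res_t(g(t), h(x0 - c*t, t)) at a rational point x0.
    lin, p = [Fraction(x0), Fraction(-c)], [Fraction(0)]   # lin is x0 - c*t
    for coeff in reversed(h):                              # Horner's rule in x
        p = add(mul(p, lin), coeff)
    s = max(len(hc) for hc in h) + len(h) - 2              # bound on deg_t
    return resultant(g, p, s)

def interpolate(points):  # Lagrange interpolation through (x_i, y_i)
    total = [Fraction(0)]
    for i, (xi, yi) in enumerate(points):
        term = [Fraction(yi)]
        for j, (xj, _) in enumerate(points):
            if j != i:
                term = mul(term, [Fraction(-xj, xi - xj), Fraction(1, xi - xj)])
        total = add(total, term)
    return total

def norm_poly(g, h, c):
    # N(h(x - c*alpha)) has degree at most m*n in x, so m*n + 1 values fix it.
    m, n = len(g) - 1, len(h) - 1
    return interpolate([(x0, norm_at(g, h, c, x0)) for x0 in range(m * n + 1)])

def squarefree_shift(g, h):
    # First c >= 1 whose norm has gcd(norm, norm') = 1; Lemma 1.6 guarantees
    # termination when h is squarefree.
    c = 1
    while True:
        nrm = norm_poly(g, h, c)
        if len(gcd(nrm, deriv(nrm))) == 1:
            return c, nrm
        c += 1

# Constructed input: alpha = sqrt(2), g(t) = t^2 - 2, h(x) = x^2 - 2.
G = [-2, 0, 1]
H = [[-2], [0], [1]]    # coefficients of x^0, x^1, x^2, each a polynomial in t
print(squarefree_shift(G, H))
```

The shifts c = 0 and c = 1 give the norms (x^2 - 2)^2 and x^2(x^2 - 8), both with repeated roots; c = 2 gives (x^2 - 2)(x^2 - 18), which is squarefree.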

4. Computing Greatest Common Divisors 

Algebraic computation has benefitted from the fact that many classical algorithms in 
algebra and number theory are highly efficient. This includes the Euclidean algorithm; 
however, a naive implementation runs into the problem of coefficient blowup. Collins, and Brown
and Traub were able to resolve this difficulty by using the theory of subresultants. In our 
algorithm, we will need to compute gcd's of polynomials over Q and over algebraic number 
fields. 

Theorem 1.7 [Brown]: Let f(x) and g(x) be polynomials over Q[x], of degree m and n
respectively. Then gcd(f(x), g(x)) can be computed in $O(\max(|f(x)|, |g(x)|)^2 (\max(m,n)^4))$
steps.

Corollary 1.8: Let $\alpha$ satisfy a monic irreducible polynomial $\gamma(t)$ over Z of degree $\mu$. Let
d be the discriminant of $\gamma(t)$. If f(x) of degree m and g(x) of degree n are polynomials
over $O_K[x]$, K = Q[t]/g(t), then the gcd(f(x), g(x)) can be computed in

$$O(m((m + n)(\log [\![f(x)]\!] + \log [\![g(x)]\!]) + \mu \log |\gamma(t)|)^2 ((m + n)^7 + \mu^3))$$

steps.

proof: We perform Brown's algorithm 1 [Br2] with a minor modification. We assume
that f(x) and g(x) are polynomials in two variables, x and t, and that we compute the gcd
first with respect to x. The way we do this is to compute the gcd of the coefficients of f(x)
and g(x). Suppose $c_1(t)$ and $d_1(t)$ are the respective gcd's of the coefficients. Then we
compute $\gcd_{Q[t]/g(t)}(f(x)/c_1(t), g(x)/d_1(t))$. If $G_1(x) = f(x)/c_1(t)$, $G_2(x) = g(x)/d_1(t)$, then we
successively compute the subresultants $G_3, \dots, G_k$ until the pseudoremainder $(G_{k-1}, G_k) =
0$. The coefficients of the pseudoremainders $G_i(x)$ are polynomials in t. Each time however,
that we compute a pseudoremainder $G_i(x)$ we perform the first step of the gcd algorithm on
the coefficients of $G_i(x)$ with respect to g(t). This has the effect of reducing the coefficients
of $G_i(x)$ mod g(t), which is precisely what we want.

Computation of the subresultant requires $O(((m + n)(\log [\![f(x)]\!] + \log [\![g(x)]\!]))^2 (m +
n)^7)$ steps, since the number of variables, v = 1, the length, $l = (m + n)(\log [\![f(x)]\!] +
\log [\![g(x)]\!])$, $\delta = 1$ and adds only a constant factor, and d and $\delta_1$ are bounded by m + n.
Similarly, the time for each pseudodivision by $\gamma(t)$ is $O(((m + n)(\log [\![f(x)]\!] + \log [\![g(x)]\!]) +
\mu \log |\gamma(t)|)^2 \mu^3)$ steps since the degrees, $d_2$, $\delta$ and d are less than m + n, and v, the number
of variables, is 1. This process must be done at most min(m,n) times; wlog min(m,n).
Thus the entire computation requires at most $O(m((m + n)(\log [\![f(x)]\!] + \log [\![g(x)]\!]) +
\mu \log |\gamma(t)|)^2 ((m + n)^7 + \mu^3))$ steps. ∎

Chapter II

Factoring Polynomials over Algebraic Number Fields 



1. An Algorithm 

We have provided the necessary background for factoring polynomials over algebraic
number fields. Let $\alpha$ be a root of g(t), a monic irreducible polynomial with coefficients in
Z, and discriminant d, and suppose f(x) of degree n is a polynomial whose coefficients lie
in $O_K$, where $K = Q(\alpha)$. We can think of f(x) as a polynomial in two variables, x and $\alpha$.
(When there is no risk of confusion, we use f(x) and f(x, t) interchangeably.)

In Chapter I, we sketched an algorithm due to Kronecker, for factoring polynomials
over an algebraic number field. We present it here. We find h(x) = gcd(f(x), f'(x)). Then
h(x) is squarefree, and all the irreducible factors of f(x) appear as factors of h(x). We
compute an integer "c" such that $N_{Q(\alpha)/Q}(h(x - c\alpha)) = F(x)$ is squarefree. Using the L³
algorithm, we factor $F(x) = \prod_{i=1}^{r} F_i(x)$ over Q. By computing the $\gcd_{Q(\alpha)}(F_i(x), h(x))$ for
i = 1, ..., r, we obtain a factorization of h(x) over $Q(\alpha)$. This allows us to determine a
factorization of f(x) over $Q(\alpha)$. We now give an algorithm to factor f(x) over $O_K[x]$ in
$O((mn)^{9+\epsilon} \log^{2+\epsilon}((mn)^2 |g(t)| [\![f(x)]\!]))$ steps.

Algorithm 2.1 FACTOR

input: g(t) ∈ Z[t], monic, irreducible
       f(x) ∈ Q[x,t]; f(x) with coefficients in K, K = Q[t]/(g(t))

Step 1: c ← 1
        c(t) ← cont(f(x, t))
        f(x) ← f(x)/c(t)
        k(x) ← gcd_{Q[t]/g(t)}(f(x), f'(x))
        h(x) ← f(x)/k(x)

Step 2: l(x) ← Res_t(g(t), h(x - ct))
        While (gcd(l(x), l'(x)) ≠ 1), do:
            c ← c + 1
            l(x) ← Res_t(g(t), h(x - ct))

Step 3: Factor l(x) = ∏_{i=1}^{r} F_i(x)

Step 4: For i = 1, ..., r, do:
            f_i(x) ← gcd_{Q[t]/g(t)}(F_i(x + ct), h(x))

Step 5: If (k(x) = 1) then return { f_i(x) }, c(t)
        Else for i = 1, ..., r, do:
            While gcd(F_i(x + ct), k(x)) ≠ 1, do:
                j ← j + 1
                f_{j+r}(x) ← gcd(F_i(x + ct), k(x))
                k(x) ← k(x)/f_{j+r}(x)

return: { fi(x) }, c(t), where /j(x) is irreducible and primitive over O/cM) 

3+r 

where K = Q[t]/ ff (t), and f[x) = c(t) JJ /i(«) 
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Theorem 2.1: Algorithm 2.1 computes a factorization of f(x), a polynomial of degree n 
over K [x] into irreducible factors in K [x). It does so in 0((mn)'+ f log 2+£ (m 2 n 2 |g(f)|([/(x)]])) 
steps. 

proof: The algorithm has four major steps. Step 1 transforms $f(x)$ into a primitive
polynomial and computes the squarefree part of $f(x)$, $h(x)$. In order to factor $f(x)$ it suffices
to factor $h(x)$. Step 2 computes an integer $c$ such that $\mathrm{Norm}_{(Q[t]/g(t))/Q}(h(x - ct))$ is
squarefree. Lemma 1.6 guarantees that there is a $c$ less than $(\mathrm{degree}(g(t))\,\mathrm{degree}(f(x)))^2$
which yields $h(x - ct)$ which has squarefree norm.

In Step 3, we factor $l(x) = N(h(x - ct))$. Theorem 1.6 assures us that if $l(x) = \prod_{i=1}^{r} F_i(x)$
is a complete factorization of $l(x)$ in $Q[x]$, then

$$h(x - ct) = \prod_{i=1}^{r} \gcd(F_i(x), h(x - ct)) = \prod_{i=1}^{r} f_i(x - ct)$$

will be a complete factorization of $h(x - ct)$ in $Q(\alpha)[x]$. We are interested in a factorization
of $h(x)$ however; instead we compute $f_i(x) = \gcd(F_i(x + ct), h(x))$. We are nearly done.
All that remains to be done is the factorization of $k(x)$, but all irreducible factors of $k(x)$
appear as factors of $h(x)$. By computing gcd's, Step 5 computes a complete factorization of
$k(x)$.

By the work of Collins, Brown and Traub on polynomial gcd's, it is clear that all of the
above steps can be done in polynomial time. We do a careful analysis to obtain the bounds
of the theorem. (Note that the work of Weinberger and Rothschild shows that $h(x)$ in Step
1, and the $f_i(x)$ in Steps 4 and 5 are polynomial size in $(\log [\![f(x)]\!], \log |g(t)|, m, n)$ to write
down.)

Step 1 requires $n$ gcd's of polynomials in a single variable to obtain $c(t)$, and one gcd
over $Q[t]/g(t)$ to obtain $k(x)$ and $h(x)$. The time required for Step 1 is subsumed by the
time required for Steps 2 and 4.

In Step 2, we must find a $c$ such that $\mathrm{Norm}_{(Q[t]/g(t))/Q}(h(x - ct))$ is squarefree. We
compute the norm by resultants. The resultant is the determinant of a $2m \times 2m$ matrix
whose entries are polynomials in $x$. The integer coefficients of these polynomials are bounded
by $(mn)^{m+1} m!\, [\![f(x)]\!]^n |g(t)|^m$ in absolute value, and therefore the integer coefficients of
the resulting polynomial, the norm, are bounded by $(2m)!\,((mn)^{m+1} m!\, [\![f(x)]\!]^n |g(t)|^m)^{2m}$.

We need to determine if $N(h(x - ct))$ is squarefree; we do this by computing the gcd of
$N(h(x - ct))$ and $N'(h(x - ct))$ over $Q[x]$. Now the roots of $N(h(x - ct))$ are of the form
$\beta + c\alpha$, where $\beta$ is a root of $f(x)$, and $\alpha$ is a root of $g(t)$. Thus

$$[\![\beta + c\alpha]\!] < c\,[\![\beta]\!]\,[\![\alpha]\!] < (mn)^2 [\![f(x)]\!] |g(t)|$$

It follows that the integer coefficients of $N(h(x - ct))$ and $N'(h(x - ct))$ are less than
$((mn)^2 [\![f(x)]\!] |g(t)|)^{mn}$ since the polynomials are of degree at most $mn$. By Brown [Br2] this
gcd requires at most $O((mn \log((mn)^2 [\![f(x)]\!] |g(t)|))^2 (mn)^4) = O(m^6 n^6 [\![f(x)]\!] |g(t)|)$ steps.

Step 3 factors $l(x) = N(h(x - ct))$ which is squarefree. As before, the integer coefficients
of $N(h(x - ct))$ are less than $((mn)^2 [\![f(x)]\!] |g(t)|)^{mn}$ in absolute value, or require at most
$mn \log(m^2 n^2 [\![f(x)]\!] |g(t)|)$ bits to write down. Thus $l(x)$ can be factored in
$O((m^{7+\epsilon} n^{7+\epsilon})(mn \log(m^2 n^2 [\![f(x)]\!] |g(t)|))^{2+\epsilon}) = O(m^{9+\epsilon} n^{9+\epsilon} \log^{2+\epsilon}(m^2 n^2 [\![f(x)]\!] |g(t)|))$ steps.

In Step 4, we compute at most $n$ gcd's of polynomials. The factors determined
in Step 3 of the Algorithm are of degree at most $mn$, and have coefficients of length
at most $mn \log(m^2 n^2 [\![f(x)]\!] |g(t)|)$ bits, while $h(x)$ is of degree at most $n$, with integer
coefficients requiring at most $n \log [\![f(x)]\!] + m^2 \log |g(t)|$ bits. Thus this step can be done in
$O((mn)^9 (n [\![f(x)]\!] + m^2 |g(t)|)^2)$ steps. Finally the running time in Step 5 is dominated by
that of Step 4. Our total running time is dominated by Step 3 of the algorithm, and the
theorem is proved. ∎

The running time of the algorithm we present to factor polynomials over algebraic
number fields is dominated by the time required by the $L^3$ algorithm to factor polynomials
over the integers. We expect that the running time of this algorithm will be improved. To
simplify what is to follow, we let $F(\log |g(t)|, m, \log [\![f(x)]\!], n)$ be the time required to factor
$f(x)$ of degree $n$ over $Q[t]/g(t)$, where $g(t)$ is a monic irreducible polynomial of degree $m$
over the integers, and $f(x) \in O_K$, where $K = Q[t]/g(t)$.
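
Step 2 of Algorithm 2.1, written out as an added example (it is not code from the thesis): it searches for the smallest c ≥ 1 for which the norm of h(x − cα) is squarefree. The norm is obtained here by evaluating at mn + 1 integer points and interpolating, rather than by expanding the resultant determinant, and the coefficient-list representation of elements of K (with m ≥ 2), every function name and the sample polynomials are assumptions of this example.

```python
from fractions import Fraction

def kmul(a, b, g):
    """Product of two elements of K = Q[t]/(g(t)); g monic, coefficients low to high."""
    m = len(g) - 1
    prod = [Fraction(0)] * (2 * m - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] += ai * bj
    for k in range(2 * m - 2, m - 1, -1):   # rewrite t^k using t^m = -(g_0 + ... + g_{m-1} t^{m-1})
        for i in range(m):
            prod[k - m + i] -= prod[k] * g[i]
    return prod[:m]

def det(mat):
    """Determinant of a square rational matrix by Gaussian elimination."""
    mat, n, d = [list(row) for row in mat], len(mat), Fraction(1)
    for col in range(n):
        piv = next((r for r in range(col, n) if mat[r][col] != 0), None)
        if piv is None:
            return Fraction(0)
        if piv != col:
            mat[col], mat[piv], d = mat[piv], mat[col], -d
        d *= mat[col][col]
        for r in range(col + 1, n):
            ratio = mat[r][col] / mat[col][col]
            mat[r] = [x - ratio * y for x, y in zip(mat[r], mat[col])]
    return d

def field_norm(e, g):
    """N_{K/Q}(e): determinant of multiplication by e on the basis 1, t, ..., t^(m-1)."""
    m = len(g) - 1
    t = [Fraction(0), Fraction(1)] + [Fraction(0)] * (m - 2)
    rows, cur = [], [Fraction(v) for v in e]
    for _ in range(m):
        rows.append(cur)
        cur = kmul(cur, t, g)
    return det(rows)

def interpolate(points):
    """Coefficients (low to high) of the polynomial through the given (x, y) points."""
    coeffs = [Fraction(0)] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [Fraction(1)], Fraction(1)
        for j, (xj, _) in enumerate(points):
            if j != i:                       # multiply the basis polynomial by (x - xj)
                basis = [u - xj * v for u, v in zip([0] + basis, basis + [0])]
                denom *= xi - xj
        for k, b in enumerate(basis):
            coeffs[k] += yi * b / denom
    return coeffs

def norm_poly(h, g, c):
    """N(h(x - c*alpha)) in Q[x]; h is a list of K-elements, coefficients of x^0..x^n."""
    m, n = len(g) - 1, len(h) - 1
    points = []
    for x0 in range(m * n + 1):              # the norm has degree mn
        shift = [Fraction(x0), Fraction(-c)] + [Fraction(0)] * (m - 2)
        acc = [Fraction(v) for v in h[-1]]
        for coeff in reversed(h[:-1]):       # Horner evaluation of h at x0 - c*t inside K
            acc = [u + v for u, v in zip(kmul(acc, shift, g), coeff)]
        points.append((Fraction(x0), field_norm(acc, g)))
    return trim(interpolate(points))

def trim(p):
    """Drop trailing zero coefficients."""
    while p and p[-1] == 0:
        p = p[:-1]
    return p

def poly_rem(a, b):
    """Remainder of a divided by b over Q (b nonzero, both trimmed)."""
    a = list(a)
    while len(a) >= len(b):
        q, off = a[-1] / b[-1], len(a) - len(b)
        for k, bk in enumerate(b):
            a[off + k] -= q * bk
        a = trim(a[:-1])
    return a

def is_squarefree(p):
    """True when gcd(p, p') is a constant (Euclid's algorithm over Q)."""
    a, b = trim(p), trim([k * v for k, v in enumerate(p)][1:])
    while b:
        a, b = b, poly_rem(a, b)
    return len(a) == 1

def find_shift(h, g):
    """Step 2: smallest c >= 1 with squarefree norm, together with that norm l(x)."""
    c = 1
    while not is_squarefree(norm_poly(h, g, c)):
        c += 1
    return c, norm_poly(h, g, c)

# Constructed sample: K = Q(sqrt 2), g(t) = t^2 - 2, h(x) = x^2 - 2 (reducible over K).
G_POLY = [-2, 0, 1]
H_POLY = [[-2, 0], [0, 0], [1, 0]]
```

For this sample c = 1 gives the norm x^4 − 8x^2, which has the double root 0, so the loop moves on to c = 2 and returns x^4 − 20x^2 + 36 = (x^2 − 2)(x^2 − 18), whose two rational factors are what Step 3 would hand to Step 4.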



2. Primitive Elements

We observed earlier that an algebraic number field can be written as $Q(\alpha)$ for an
appropriate $\alpha$. In our algorithm, we assumed that the number field over which we are
factoring was presented as $Q(\alpha)$. Suppose we were asked to factor $f(x) \in Q(\alpha, \beta)[x]$;
how would we proceed? We could calculate a primitive element for $Q(\alpha, \beta)$, and apply
Algorithm 2.1 directly. Alternatively, we might observe that

$$N_{Q(\alpha,\beta)/Q}(f(x)) = N_{Q(\alpha)/Q}(N_{Q(\alpha,\beta)/Q(\alpha)}(f(x))).$$

In order to factor $f(x)$ over $Q(\alpha, \beta)$, we could compute $N_{Q(\alpha,\beta)/Q(\alpha)}(f(x))$, and then
consider the question of factoring that polynomial over $Q(\alpha)$. Such an approach leads to a
bootstrapping technique for factoring which is, in some cases, faster than the method of
finding a primitive element. For later applications however, we have found it useful, and
not more costly to obtain a primitive element.

If $\beta$ satisfies $h(x)$, an irreducible polynomial over $Q(\alpha)$, then whenever $N_{Q(\alpha)/Q}(h(x - c\alpha))$
is squarefree, $Q(\beta + c\alpha) = Q(\alpha, \beta)$. This is a consequence of Theorem 1.6. We prove this
result.

Proposition 2.2: Let $\alpha$ satisfy $g(t)$, a monic irreducible polynomial of degree $m$ over
$Z$, and let $\beta$ satisfy $h(x)$, a monic irreducible polynomial of degree $n$ over $K = Q(\alpha)$ with
coefficients in $O_K$. Then there is an integer $c$ less than $(mn)^3$ such that $Q(c\alpha + \beta) = Q(\alpha, \beta)$.
Furthermore, let $f(x)$ be the minimal polynomial for $c\alpha + \beta$ over $Q$ which has
integer coefficients and is monic. Then $|f(x)| < (mn\,[\![h(x)]\!]\,|g(t)|)^{mn}$ and $\deg(f(x)) = mn$.

proof: Pick an integer $c$ such that $N_{Q(\alpha)/Q}(h(x - c\alpha))$ is squarefree and consider
$h(x - c\alpha) = h(x - cy, y)$ as a polynomial in two variables. Then $\alpha$ is a root of $h(\beta - cy, y)$.
Let the roots of $g(t)$ be $\alpha_1 (= \alpha), \alpha_2, \ldots, \alpha_m$. Observe that $\alpha_j \neq \alpha$ is not a root of
$h(\beta - cy, y)$ since otherwise $N_{Q(\alpha)/Q}(h(x - c\alpha)) = \prod_i h(x - c\alpha_i)$ would have a multiple
root $\beta$, and would not be squarefree. We see that $y - \alpha = \gcd(h(\beta - cy, y), g(y))$. This
means $\alpha$ is in $Q(\beta + c\alpha)$, and consequently that $Q(c\alpha + \beta) = Q(\alpha, \beta)$. Then $f(x) =
N_{Q(\alpha)/Q}(h(x - c\alpha))$ is the minimum polynomial for $c\alpha + \beta$ over $Q$. Since the roots of $f(x)$
are $\{ \beta_i + c\alpha_j \mid 1 \le i \le n,\ 1 \le j \le m \}$,

$< (mn\,[\![h(x)]\!]\,|g(t)|)^{mn}$.

That $\mathrm{degree}(f(x)) = mn$ is obvious. ∎

3. Corollaries 

The ability to factor allows many other computations. Questions whose solutions were 
infeasible are now in polynomial time. We list several consequences of Algorithm 2.1 before 
we turn to Galois theory. 

Corollary 2.3: Factoring multivariate polynomials over algebraic number fields is
polynomial time reducible to factoring multivariates over the rationals.

proof: The algebraic property necessary for the proofs of Theorems 2 and 3 is that
$Q(\alpha)[x]$ is a unique factorization domain. Since $Q(\alpha)[x_1, \ldots, x_n]$ is also, Theorems 2 and 3
extend to these domains. To prove Lemma 4, we consider $f(x_1, \ldots, x_n) \in Q(\alpha)[x_1, \ldots, x_n]$ as
a polynomial in $x_1$ with coefficients in $Q(\alpha)[x_2, \ldots, x_n]$. (Note that since we can factor $n+1$
variable polynomials over $Q$, we can compute the gcd of $n$ variable polynomials over $Q(\alpha)$.)
Let $\deg_{x_1}(f(x_1, \ldots, x_n)) = n_1$, and $[Q(\alpha) : Q] = m$. As before, we assume $f(x_1, \ldots, x_n)$ is
squarefree; otherwise we take the gcd to obtain the squarefree part of $f(x_1, \ldots, x_n)$. Then
$N(f(x_1, \ldots, x_n))$ has no repeated roots. Viewing $f(x_1, \ldots, x_n)$ as a polynomial in $x_1$ with
coefficients in $Q(\alpha)[x_2, \ldots, x_n]$, it has $n_1$ roots. The proof of the lemma goes through as
before, and we obtain our reduction. ∎

Kaltofen [Ka1],[Ka2], and A. Lenstra [Lpc] have independently shown that factoring
a polynomial with a bounded number of variables over the rationals is polynomial time
equivalent to factoring a univariate polynomial over the rationals. In light of Corollary 2.3
and the earlier [$L^3$] result, we conclude that factoring a polynomial with a bounded number
of variables over an algebraic number field presented as $Q(\alpha)$ can be done in polynomial
time.

Corollary 2.4: Let $\alpha$ satisfy $g(t)$, an irreducible polynomial of degree $m$ over $Z$, and let $\beta$
satisfy $f(x)$, an irreducible polynomial of degree $n$ over $Z[\alpha]$. Then determining if the
intersection of $Q(\alpha)$ and $Q(\beta)$ is $Q$ can be done in time polynomial in $(\log |g(t)|, \log [\![f(x)]\!], m, n)$.

proof: Let $h(x)$ be the minimal polynomial of $\beta$ over $Q$. If $\alpha$ does not satisfy $h(x)$, (i.e.
$\alpha$ and $\beta$ are not conjugates over $Q$), then $Q(\alpha) \cap Q(\beta) = Q$ iff $h(x)$ remains irreducible over
$Q(\alpha)$. If $\alpha$ is a root of $h(x)$, then $Q(\alpha) \cap Q(\beta) = Q$ iff $h(x)/(x - \alpha)$ is irreducible over $Q(\alpha)$. ∎

Those number fields, $Q(\alpha)$, which are distinguished by the fact that $\alpha$ may be expressed
as a combination of several $m^{\text{th}}$ roots are called the radical number fields.

Corollary 2.5: Finding bases for radical number fields can be done in polynomial time. 

Corollary 2.6: Finding bases for algebraic number fields can be done in polynomial time. 

For a long time normal polynomials - polynomials which factor completely upon adjoining
a single root - were most difficult to factor. In the next section, we will present a brief
background to Galois theory. However we would like to note the following corollary:

Corollary 2.7: Let $f(x) \in Z[x]$ be of degree $n$. Then $f(x)$ can be checked for normality
in time polynomial in $(\log |f(x)|, n)$. Furthermore, if $f(x)$ is normal, computing its Galois
group can be done in time polynomial in $(\log |f(x)|, n)$.

4. A Brief Introduction to Galois Theory 

Let $K$ be an algebraic number field, and let $f(x)$ be a polynomial with coefficients in $K$,
with roots $\alpha_1, \ldots, \alpha_m$. Then $K(\alpha_i) \cong K[x]/f(x) \cong K(\alpha_j)$, but in general, $K(\alpha_i) \neq K(\alpha_j)$
for $i \neq j$. The field $K(\alpha_1, \ldots, \alpha_m)$ is called the splitting field of $f(x)$ over $K$. We consider
the set of automorphisms of $K(\alpha_1, \ldots, \alpha_m)$ which leave $K$ fixed. These form a group,
called the Galois group of $K(\alpha_1, \ldots, \alpha_m)$ over $K$. As we can think of these automorphisms as
permutations on the $\alpha_i$, this group is sometimes referred to as the Galois group of $f(x)$ over
$K$. The Galois group is transitive on $\{ \alpha_1, \ldots, \alpha_m \}$, that is, for each pair $\alpha_i$ and $\alpha_j$ there is
an element $\sigma$ in $G$, with $\sigma(\alpha_i) = \alpha_j$. Galois' deep insight was to discover the relationship
between the subgroups of the Galois group $G$, and the subfields of $K(\alpha_1, \ldots, \alpha_m)$.

Let $H$ be a subgroup of $G$. We denote by $K(\alpha_1, \ldots, \alpha_m)^H$ the set of elements of
$K(\alpha_1, \ldots, \alpha_m)$ which are fixed by $H$. This set forms a field, for if $\beta$ and $\gamma$ are fixed by all
$\sigma$ in $H$, then so are $\beta \pm \gamma$, $\beta \times \gamma$, and (for $\gamma \neq 0$), $\beta/\gamma$. Furthermore $H$ fixes $K$ so that we
have

$$K \subset K(\alpha_1, \ldots, \alpha_m)^H \subset K(\alpha_1, \ldots, \alpha_m).$$

Conversely suppose that $K(\gamma)$ is a field such that $K \subseteq K(\gamma) \subset K(\alpha_1, \ldots, \alpha_m)$. Then
$\gamma$ can be written as a polynomial in $\alpha_1, \ldots, \alpha_m$, and $H$, the subgroup of $G$ which fixes $K(\gamma)$
consists of those elements of $G$ which fix $\gamma$. The relationship between the fields and the
groups can be more formally stated as:

Fundamental Theorem of Galois Theory: Let $K$ be a field, and let $f(x)$ with roots
$\alpha_1, \ldots, \alpha_m$, be irreducible over $K[x]$. Then:

(1) Every intermediate field $K(\beta)$, $K \subset K(\beta) \subset K(\alpha_1, \ldots, \alpha_m)$ defines a subgroup $H$
of the Galois group $G$, namely the set of automorphisms of $K$ which leave $K(\beta)$ fixed.

(2) $K(\beta)$ is uniquely determined by $H$, for $K(\beta)$ is the set of elements of $K(\alpha_1, \ldots, \alpha_m)$
which are invariant under the action of $H$.

(3) $H$ is normal iff $K(\alpha_1, \ldots, \alpha_m)$ over $K(\beta)$ is a Galois extension, that is, iff the minimal
polynomial for $\beta$ over $K$ splits into linear factors over $K(\alpha_1, \ldots, \alpha_m)$. In that case, the Galois
group of $K(\beta)$ over $K$ is $G/H$.

(4) $|G| = [K(\alpha_1, \ldots, \alpha_m) : K]$, and $|H| = [K(\alpha_1, \ldots, \alpha_m) : K(\beta)]$.

Once the Galois group is known, the Fundamental Theorem allows us to determine all 
intermediate fields: 

Theorem A: Let the hypothesis be as in the Fundamental Theorem. If

$$K \subset L_1 \subset L_2 \subset K(\alpha_1, \ldots, \alpha_m)$$

then the group $G_2$ corresponding to $L_2$ is a subgroup of the group $G_1$ corresponding to $L_1$,
and vice versa.

Theorem B: Let the hypothesis be as in the Fundamental Theorem. Then:

(1) Let $L_1$ and $L_2$ be two subfields of $K(\alpha_1, \ldots, \alpha_m)$ which contain $K$. Suppose $H_1$
and $H_2$ are the subgroups of $G$ which correspond to $L_1$ and $L_2$ respectively. Then $H_1 \cap H_2$
is the subgroup of $G$ corresponding to $L_1 L_2$.

(2) The field corresponding to $H_1 H_2$ is $L_1 \cap L_2$.

We want to know the answer to the following question: What irreducible equations have
the property that their roots can be expressed in terms of the elements of the base field $K$
by means of rational operations and taking radicals? Let us be more precise. In general $\sqrt{a}$
is a many valued function, as in, for example $\sqrt{1}$. We will require that all solutions to the
equation in question be represented by expressions of the form:



^v^ 



(or similar ones), and that these expressions are to represent solutions of the equation for 
any choice of the radicals appearing. (If a radical appears more than once, it is assigned 
the same value each time.) 

Since roots of unity can always be expressed in terms of radicals, let us consider for a
moment determining expressibility of a root in radicals over $Q(\zeta_m)$, where $\zeta_m$ is a primitive
$m^{\text{th}}$ root of unity. This will simplify the situation. (We will discuss the question of
expressing roots of unity in terms of radicals in Chapter V.) Suppose a root $\alpha_i$ is expressible
in terms of radicals, and the expression is an $m^{\text{th}}$ root. If $m$ is not prime, $m = m_1 m_2$.
Then taking an $m^{\text{th}}$ root could be broken into two steps, first taking an $m_1^{\text{th}}$ root, then an
$m_2^{\text{th}}$ root. By further decomposition, one need only take roots of prime degree. This would
give rise to a series of field extensions, $Q(\zeta_m) = F_k \subset F_{k-1} \subset \ldots \subset F_0$, where $F_{i-1}$ is
an extension of $F_i$ which arises by taking a $p_i^{\text{th}}$ root of an element in $F_{i-1}$. Each $F_{i-1}$
is a Galois extension of $F_i$. The accompanying lattice of groups, $G_0 \subset G_1 \subset \ldots \subset G_k = G$,
where $G_i$ is the subgroup of $G$ which fixes $F_{k-i}$ satisfies the following two important
conditions: $G_{i-1}$ is normal in $G_i$, and $G_i/G_{i-1}$ is of prime order. A group which satisfies
these two conditions is called solvable. Galois showed that $f(x)$ is solvable in radicals iff the
Galois group of $f(x)$ over $Q$ is solvable.

Fundamental Theorem on Equations Solvable by Radicals:

(1) If one root of an irreducible equation $f(x)$ over $K$ can be represented by an expression
of the form (*), then the Galois group of $f(x)$ over $K$ is solvable.

(2) Conversely, if the Galois group of $f(x)$ over $K$ is solvable, then all roots can be
represented by expressions (*) in such a way that the successive extensions $F_{i-1}$ over $F_i$
are extensions of prime degree, with $F_{i-1} = F_i(\sqrt[p]{a_i})$, with $a_i \in F_i$, and $x^p - a_i$ irreducible
over $F_i$.

The problem of checking solvability by radicals can be converted to a problem of 
determining if a group is solvable. On first glance, it is not obvious that this reduction 
is useful. How does one check solvability of a group? Various algorithms exist [Sims], [FHL] 
which can do this in polynomial time given generators of the group. Since there is at present 
no polynomial time algorithm for determining the generators of the Galois group, we do not 
use this approach. An obvious approach is to divide-and-conquer, and solvability provides 
a natural way to do this. If H is a normal subgroup of G, then G is solvable iff H and G/H 
are. Finding the right set of H's is the key to solving this problem, and is the subject of 
the next chapter.

Chapter III

Finding Blocks of Imprimitivity



1. Background

The Galois group, $G$, is a transitive permutation group on the set of roots,

$$\{ \alpha_1, \ldots, \alpha_m \} = \Omega$$

We define:

$$G_\alpha = \{ \sigma \in G \mid \sigma(\alpha) = \alpha \}$$

and we call $G$ regular if $G$ is transitive and $G_\alpha = 1$ for all $\alpha$. A fundamental way the action
of a permutation group on a set breaks up is into blocks: a subset $B$ is a block iff for every $\sigma$
in $G$, $\sigma(B) \cap B = B$ or $\emptyset$. It is not hard to see that if $B$ is a block, $\sigma B$ is also. Every group
has trivial blocks: $\{ \alpha \}$ or $\Omega$. The nontrivial blocks are called blocks of imprimitivity, and
a group with only trivial blocks is called a primitive group. The set of all blocks conjugate
to $B$: $B, \sigma_2 B, \ldots, \sigma_k B$, form a complete block system. If $B \neq \Omega$ is a maximal block of $G$ we
can consider an induced action of $G$ on $\{ B, \sigma_2 B, \ldots, \sigma_k B \}$. Our idea is to construct minimal
blocks of imprimitivity, and to consider actions on the blocks. In this section we provide
the background necessary for our algorithm. Our first theorem is the following well known
characterization of primitive groups.

Theorem 3.1: Let $\alpha \in \Omega$, $|\Omega| \neq 1$. Then the transitive group $G$ on $\Omega$ is primitive iff
$G_\alpha$ is maximal.

proof: Let $\Delta$ be a nontrivial block containing $\alpha$, and suppose $\beta \neq \alpha \in \Delta$. Define

$$H = \{ \sigma \in G \mid \sigma(\Delta) = \Delta \}.$$

Then $G_\alpha \subset H$. $G$ is transitive, thus there is a $\sigma \in G$ with $\sigma(\alpha) = \beta$. In particular, there
is a $\sigma \in H$ with $\sigma(\alpha) = \beta$. Then $G_\alpha \subsetneq H$. Furthermore $\Delta \neq \Omega$, so $H \neq G$, and therefore
$G_\alpha$ is not maximal.

Next assume there is a subgroup $H$ of $G$ with $G_\alpha \subsetneq H \subsetneq G$. We let

$$\Delta = \{ \sigma(\alpha) \mid \sigma \in H \},$$

and we claim that $\Delta$ is a block. If $\beta$ is in $\Delta \cap \tau\Delta$ for some $\tau$, an element of $G$, then

$$\beta = \sigma_1(\alpha) = \tau\sigma_2(\alpha)$$

with $\sigma_1, \sigma_2$ belonging to $H$. This means that $\sigma_1^{-1}\tau\sigma_2$ is an element of $G_\alpha$. But $\sigma_1, \sigma_2$ are in
$H$, and thus $\tau$ is an element of $H$. But $G_\alpha \subsetneq H$ means that $\Delta$ contains some element other
than $\alpha$. But $\Delta = \tau\Delta$ only for $\tau$ in $H$. We know that $H \neq G$ implies that $\Delta \neq \Omega$. Therefore
$G$ is imprimitive. ∎

Actually the same proof may be used to show the stronger:

Proposition 3.2: The lattice of groups between $G_\alpha$ and $G$ is isomorphic to the lattice
of blocks containing $\alpha$.

Let $\alpha$ be a root of $f(x)$. If $f(x)$ is a normal polynomial, i.e. $f(x)$ factors completely in
$Q(\alpha)[x]$, the Galois group can be computed easily. Suppose $f(x) = (x - \alpha)(x - \alpha_2) \cdots (x - \alpha_m)$
in $Q(\alpha)[x]$, then the $\alpha_i$'s will be expressed as polynomials in $\alpha$, $\alpha_i = p_i(\alpha)$. Since the Galois
group is a permutation group of order $n$ on $n$ elements, for each $\alpha_i$ there is a unique $\sigma_i$ in $G$
with $\sigma_i(\alpha) = \alpha_i = p_i(\alpha)$. Then $\sigma_i(\alpha) = p_i(\alpha)$ implies that $\sigma_i(\alpha_j) = \sigma_i(p_j(\alpha)) = p_j(\sigma_i(\alpha))
= p_j(p_i(\alpha))$, and the action of $\sigma_i$ on $\Omega$ is easily determined. We can construct a group table
for $G$ and identify a set of minimal blocks in polynomial time. Of course, the case that
$f(x)$ is normal happens only rarely. But it is not much more difficult to construct minimal
blocks in the general case.

Theorem 3.3: Let $\Delta \subset \Omega$, and $\alpha \in \Omega$. Then

$\alpha \in \sigma(\Delta)$

is a block of the transitive group $G$.

proof: Let $\sigma$ be an element of $G$, and suppose $\Lambda \cap \sigma\Lambda \neq \emptyset$. Let $\alpha$ be in $\Lambda$, then $\alpha$ an
element of $\tau\Delta$ implies $\alpha$ is in $\sigma\tau\Delta$. Then $\Lambda \subset \sigma\Lambda$. But we know that $|\Lambda| = |\sigma\Lambda|$, which
means that $\Lambda = \sigma\Lambda$.

Next suppose $\beta \in \Lambda \cap \sigma\Lambda$. Since $G$ is a transitive group, there is a $\tau \in G$ with $\tau(\alpha) = \beta$.
Then $\alpha$ is an element of $\tau^{-1}\Lambda$ and $\tau^{-1}\sigma\Lambda$ as well as in $\Lambda$. This means that

$$\Lambda = \tau^{-1}\Lambda = \tau^{-1}\sigma\Lambda$$

and in particular $\sigma\Lambda = \Lambda$. Then $\Lambda$ is a block of $G$. ∎

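Corollary 3.4: Let

$$\Lambda = \{ \beta \mid \sigma(\beta) = \beta \ (\forall \sigma \in G_\alpha) \}$$

Then $\Lambda$ is a block of $G$.

proof: We let $\Delta = \Lambda$. The corollary follows immediately from Theorem 3.3, since
$\sigma(\alpha) = \alpha$ for all $\sigma$ in $G_\alpha$. ∎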

Theorem 3.1 gives a characterization of primitive groups. We offer as an alternate 
characterization one that will allow us to compute blocks of imprimitivity. 

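Theorem 3.5: Let $\alpha$ be an element of $\Omega$, $|\Omega| \neq 1$. Then the transitive group $G$ on $\Omega$ is
primitive iff $\forall \alpha \neq \beta$, $G_\alpha G_\beta = G$, or $G$ is regular of prime degree.

proof: We suppose $G$ is not regular.

Let $\Delta$ be a nontrivial block of imprimitivity, with $\alpha, \beta$ elements of $\Delta$, with $\alpha \neq \beta$.
Then $G_\alpha, G_\beta \subset G_\Delta$ implies $G_\alpha G_\beta \subset G_\Delta$. Since $\Delta$ is a nontrivial block of imprimitivity,
$G_\Delta \neq G$, and we conclude $G_\alpha G_\beta \neq G$.

Next we assume $G_\alpha G_\beta \neq G$ for some $\beta \neq \alpha$. Let

$$\Lambda = \{ \sigma(\alpha) \mid \sigma \in G_\alpha G_\beta \}$$

We claim $\Lambda$ is a block. For suppose $\gamma$ is contained in $\Lambda \cap \tau\Lambda$, $\tau$ an element of $G$. Then
$\gamma = \sigma_1(\alpha) = \tau\sigma_2(\alpha)$, for some $\sigma_1, \sigma_2$ in $G_\alpha G_\beta$. But $\alpha = \sigma_1^{-1}\tau\sigma_2(\alpha)$ implies that $\sigma_1^{-1}\tau\sigma_2$ is
in $G_\alpha$. Since $\sigma_1, \sigma_2$ are both in $G_\alpha G_\beta$, we have $\tau$ is an element of $G_\alpha G_\beta$; therefore $\Lambda = \tau\Lambda$,
and $\Lambda$ is a block. If $\Lambda$ is nontrivial we are done.

Suppose $\Lambda = \{ \alpha \}$. Then $G_\alpha = G_\beta$, and we let

$$\Delta = \{ \gamma \mid \sigma(\gamma) = \gamma \ \forall \sigma \in G_\alpha \}$$

We know $\alpha, \beta$ are in $\Delta$, so $\Delta$ is nontrivial. Furthermore $G$ is transitive, so $\Delta \neq \Omega$. By
Corollary 3.4, $\Delta$ is a block.

Our final case occurs when $\Lambda = \Omega$. Let $\tau$ be an element of $G$, and suppose $\tau(\alpha) = \gamma$.
Then there is a $\sigma$ in $G_\alpha G_\beta$, with $\sigma(\alpha) = \gamma$. Thus $\tau^{-1}\sigma(\alpha) = \alpha$, and $\tau^{-1}\sigma$ belongs to $G_\alpha$.
But this would mean that $\tau$ is in $G_\alpha G_\beta$, and that $G_\alpha G_\beta = G$, contrary to assumption. We
are done. ∎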

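Proposition 3.6: Suppose $G$ acts transitively on $\Omega$, and $G_\alpha$ has no fixed points except
$\alpha$. Let $\Delta$ be a minimal nontrivial block containing $\alpha$. Then for all $\gamma$ in $\Delta$, $\gamma \neq \alpha$,
$\Delta = \{ \sigma(\alpha) \mid \sigma \in G_\alpha G_\gamma \}$.

proof: Let $\gamma$ be in $\Delta$, $\gamma \neq \alpha$. Then we let $\Lambda = \{ \sigma(\alpha) \mid \sigma \in G_\alpha G_\gamma \}$. Since $G_\alpha G_\gamma \subset G_\Delta$,
we have $\Lambda \subset \Delta$.

Next, suppose $\beta$ is an element in $\Lambda \cap \tau\Lambda$ for some $\tau$ in $G$. Then $\beta = \sigma_1(\alpha)$ and
$\beta = \tau\sigma_2(\alpha)$, with $\sigma_1, \sigma_2$ elements in $G_\alpha G_\beta$. But $\alpha = \sigma_1^{-1}\tau\sigma_2(\alpha)$ means that $\sigma_1^{-1}\tau\sigma_2$ is an
element of $G_\alpha$. Then $\tau$ belongs to $G_\alpha G_\beta$, and $\tau\Lambda = \Lambda$. Therefore $\Lambda$ is a block. But $\Delta$ is a
minimal nontrivial block containing $\alpha$; therefore $\Lambda = \Delta$. ∎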

Proposition 3.6 provides the backbone of our algorithm. Since the roots of the
irreducible factors of $f(x)$ form the orbits of $G_\alpha$, the orbit structure of $G_\alpha$ can be determined
from a factorization of $f(x)$ in $Q(\alpha)[x]$. Similarly we can deduce the orbit structure of $G_\beta$
from a factorization of $f(x)$ in $Q(\beta)[x]$. By considering a factorization of $f(x)$ in $Q(\alpha, \beta)[x]$,
we can tie together the orbit structures of $G_\alpha$ and $G_\beta$ in such a way as to determine if
$G_\alpha G_\beta = G$. By transitivity, $\alpha$ can be fixed, and we need loop only over $\beta$.

Let $f(x)$ be an irreducible polynomial over $Q$, with roots $\alpha_1, \ldots, \alpha_n$. Suppose

$f(x) = (x - \alpha_1) g_2(x) \cdots g_r(x)$ in $Q(\alpha_1)[x]$, and
$f(x) = (x - \alpha_s) h_2(x) \cdots h_r(x)$ in $Q(\alpha_s)[x]$,

with $g_1(x) = x - \alpha_1$, and $h_1(x) = x - \alpha_s$. We consider $G$, the Galois group of $f(x)$ over
$Q$, acting on the roots of $f(x)$. We propose to determine a minimal nontrivial block of
imprimitivity containing $\alpha$, if it exists. Observe that the factorization of $f(x)$ over $Q(\alpha_s)[x]$
is the same as the factorization of $f(x)$ over $Q(\alpha_1)[x]$, with $\alpha_s$'s substituted in for $\alpha_1$'s.

Suppose $(x - p_i(\alpha_1))$ is a linear factor of $f(x)$ in $Q(\alpha_1)[x]$; then $p_i(x) = (x - \alpha_i)$ is fixed
by $G_{\alpha_1}$. We know by Corollary 3.4 that the linear factors of $f(x)$ form a block. Suppose
the block $\Delta$ consists of the roots $\alpha_1, \ldots, \alpha_k$. Let us consider the induced action of $G_\Delta$ on
$\Delta$. Since $G$ is transitive on $\alpha_1, \ldots, \alpha_n$, $G_\Delta$ must be transitive on $\alpha_1, \ldots, \alpha_k$. The action
of $G_\Delta$ on $\Delta$ can be determined, since for $i = 1, \ldots, k$, $\alpha_i = p_i(\alpha_1)$. Let $\sigma$ be in $G_\Delta$ and
let $\bar\sigma$ be the induced action of $\sigma$ on $\alpha_1, \ldots, \alpha_k$. Then if $\bar\sigma(\alpha_1) = \alpha_j = p_j(\alpha_1)$, we have
$\bar\sigma(\alpha_i) = \bar\sigma(p_i(\alpha_1)) = p_j(p_i(\alpha_1))$. We determine the group table of the induced action of $G_\Delta$
on $\Delta$, and find a minimal block $\Gamma$ of $G_\Delta$ which contains $\alpha_1$ in polynomial time [At].

Finally we observe that $\Gamma$ is a block of $G$. For suppose $\Gamma \cap \tau\Gamma \neq \emptyset$ for some $\tau \in G$.
Since $\Delta$ is a block of $G$, and $\Gamma \subset \Delta$, it must be the case that $\tau\Gamma \subset \Delta$. But $\Gamma$ is a block of
$G_\Delta$, thus $\Gamma \cap \tau\Gamma = \Gamma$.

Next suppose $f(x)$ has no linear factors in $Q(\alpha_1)[x]$ except $(x - \alpha_1)$. Let us consider a
factorization of $f(x)$ over $Q(\alpha_1, \alpha_s)[x]$ for $\alpha_s \neq \alpha_1$. This will tie together the factorizations
of $f(x)$ over $Q(\alpha_1)[x]$ and $Q(\alpha_s)[x]$. In particular, this will enable us to compute the block
fixed by $G_{\alpha_1} G_{\alpha_s}$.

Define a set of graphs $\Gamma_s$, $s = 1, \ldots, r$ with vertices $V$, and edges $E$ by:

$$V = \{ g_i(x),\ i = 1, \ldots, r \} \cup \{ h_l(x),\ l = 1, \ldots, r \}$$

$$E = \{ (g_i(x), h_j(x)) \mid \gcd(g_i(x), h_j(x)) \neq 1 \text{ over } Q(\alpha_1, \alpha_s) \}.$$

Then we compute the set of vertices connected to $g_0(x)$. Let

$$g(x) = \prod_{g_i(x) \text{ is connected to } g_0(x)} g_i(x)$$

and let $\Lambda_s = \{ \alpha_i \mid \alpha_i \text{ is a root of } g(x) \}$. We claim $\Lambda_s = \{ \sigma(\alpha_1) \mid \sigma \in G_{\alpha_1} G_{\alpha_s} \}$. To prove
this we observe the following:

Lemma 3.7: Let $\alpha_i$ be a root of $g_i(x)$ in $Q(\alpha_1)[x]$. Then the roots of $g_i(x)$ are precisely
$G_{\alpha_1}(\alpha_i)$.

It follows immediately that $\gcd(g_i(x), h_j(x)) \neq 1$ iff $G_{\alpha_1}(\alpha_i) \cap G_{\alpha_s}(\alpha_j) \neq \emptyset$, where $\alpha_i$
is a root of $g_i(x)$ and $\alpha_j$ is a root of $h_j(x)$. This implies:

Lemma 3.8: Let $\alpha_j$ be a root of $g_j(x)$, a factor of $f(x)$ in $Q(\alpha_1)[x]$. Then

$$\alpha_j \in \Lambda_s = \{ \sigma(\alpha_1) \mid \sigma \in G_{\alpha_1} G_{\alpha_s} \}$$

iff $g_j(x)$ is connected to $g_0(x)$.

If we compute $\Gamma_s$ for $s = 1, \ldots, r$, we are cycling over all $\alpha_i \neq \alpha_1$ which are roots
of $f(x)$ and computing $G_{\alpha_1} G_{\alpha_s}$. By Lemma 3.6, this will give us a minimal nontrivial
block containing $\alpha_1$, if one exists. In the next section we present an algorithm to compute
the minimal blocks of imprimitivity, along with a proof of correctness and an analysis of
running time.
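
The graph construction of Lemmas 3.7 and 3.8, carried out on explicit permutation groups, as an added example that is not code from the thesis. The orbits of the stabilizers stand in for the factors g_i and h_j (an edge is an orbit intersection, which the text shows is equivalent to gcd(g_i, h_j) ≠ 1); the group is enumerated from generators, which is only feasible for small groups, and all function names and the three sample groups are assumptions of this example.

```python
def compose(p, q):
    """(p o q)(x) = p(q(x)) for permutations stored as tuples."""
    return tuple(p[q[x]] for x in range(len(p)))

def generate(gens):
    """All elements of the group generated by gens (breadth-first closure)."""
    identity = tuple(range(len(gens[0])))
    seen, frontier = {identity}, [identity]
    while frontier:
        nxt = []
        for p in frontier:
            for g in gens:
                q = compose(g, p)
                if q not in seen:
                    seen.add(q)
                    nxt.append(q)
        frontier = nxt
    return seen

def orbits(perms, n):
    """Orbits of 0..n-1 under the group generated by perms (union-find)."""
    parent = list(range(n))
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for p in perms:
        for x in range(n):
            parent[find(x)] = find(p[x])
    classes = {}
    for x in range(n):
        classes.setdefault(find(x), set()).add(x)
    return [frozenset(c) for c in classes.values()]

def block_from_graph(group, n, a, b):
    """Union of the G_a-orbits connected to the orbit {a} in the graph whose
    vertices are G_a-orbits and G_b-orbits and whose edges join intersecting orbits."""
    g_orbits = orbits([p for p in group if p[a] == a], n)
    h_orbits = orbits([p for p in group if p[b] == b], n)
    reached_g = {next(i for i, o in enumerate(g_orbits) if a in o)}
    reached_h = set()
    changed = True
    while changed:
        changed = False
        for i, go in enumerate(g_orbits):
            for j, ho in enumerate(h_orbits):
                if go & ho and (i in reached_g) != (j in reached_h):
                    reached_g.add(i)
                    reached_h.add(j)
                    changed = True
    return frozenset().union(*(g_orbits[i] for i in reached_g))

def orbit_of(point, perms):
    """Orbit of one point under the group generated by perms (used as a cross-check)."""
    orb, stack = {point}, [point]
    while stack:
        x = stack.pop()
        for p in perms:
            if p[x] not in orb:
                orb.add(p[x])
                stack.append(p[x])
    return frozenset(orb)

def fixed_points(group, a):
    """Points fixed by every element of G_a: the block of Corollary 3.4."""
    stab = [p for p in group if p[a] == a]
    return frozenset(x for x in range(len(stab[0])) if all(p[x] == x for p in stab))

def is_block(group, blk):
    """Block test: every image of blk is either blk itself or disjoint from it."""
    for p in group:
        image = frozenset(p[x] for x in blk)
        if image != blk and image & blk:
            return False
    return True

def minimal_block(group, n, a=0):
    """Smallest nontrivial block containing a found by looping over b, or None."""
    found = [block_from_graph(group, n, a, b) for b in range(n) if b != a]
    proper = [blk for blk in found if 1 < len(blk) < n]
    return min(proper, key=len) if proper else None

# Constructed sample groups (not taken from the thesis).
WREATH_GENS = [(1, 2, 0, 3, 4, 5), (1, 0, 2, 3, 4, 5), (3, 4, 5, 0, 1, 2)]  # S3 wr C2, order 72
S4_GENS = [(1, 0, 2, 3), (1, 2, 3, 0)]                                       # primitive
D4_GENS = [(1, 2, 3, 0), (0, 3, 2, 1)]                                       # G_0 also fixes 2
```

The wreath product yields the block {0, 1, 2} for every choice of b, S4 yields no proper block, and for D4 the choice b = 2 collapses to {0} because G_0 = G_2, which is the fixed-point case that Corollary 3.4 handles.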

2. An Algorithm 

Algorithm 3.1 BLOCKS

input: $f(x) \in Z[x]$, $f(x)$ irreducible of degree $n$ over $Z$

Step 1: Find $c \neq 0$ such that $N_z(f(x - cz))$ is squarefree and factor $N_z(f(x - cz))$ over $Q$,

        $N_z(f(x - cz)) = \prod_{i=1}^{l} G_i(x - cz)$

        [At most $n^3$ $c$'s in $Z$ do not satisfy this condition.]

Step 2: For $i = 1, \ldots, l$ do: $g_i(x) \leftarrow \gcd(f(x), G_i(x))$ over $Q[z]/f(z)$.

        [Thus $f(x) = \prod g_i(x)$ is a complete factorization of $f(x)$ over $Q[z]/f(z)$.]

Step 3: If $f(x)$ has more than one linear factor, compute the induced action of Galois
        group and Cayley table, and find maximal block by inspection. Then

        $B_z(x) \leftarrow \prod_{\alpha_i \in \text{block}} (x - \alpha_i)$, and

        return $B_z(x)$

        [In this case, the fixed points form a block, and the induced action of the
        full group on the block can be determined by substitutions.]

Step 4: For each $G_j(x - cz)$ a factor of $N_z(f(x - cz))$ do steps 5-9:

Step 5: $q_j(t) \leftarrow$ constant term of $\gcd(g_j(z), f(t - cx))$ over $Q[t, x]/G_j(t)$
        $p_j(t) \leftarrow t - c\,q_j(t)$

[This computes y and z in terms of a primitive element for the field 

Q\y,AI{9{y)9m = Q\AIGm 

Step 6: For $i = 1, \ldots, l$, do:

fff(x) - rf' W (x) 

*?(*) - tf W («) 

[This rewrites the factorizations of $f(x)$ over $Q[z]/f(z)$ and $Q[y]/f(y)$ as
factorizations over $Q[t]/G_j(t)$.]

Step 7: Compute the graph $\Gamma_j = (V_j, E_j)$, with vertices, $V_j$, and edges, $E_j$ given by:

^ = {*?(*) >U{rf(x)} 

*i = ( W(*). **(*)> I !«»(*?(*). *«x)) ^ 1 } 
Step 8: Compute $Y_j = \{\, i \mid g_i(x)$ is connected to $g_1(x) = x - p_j(t)$ in $\Gamma_j \,\}$

Step 9: $B_j(x) \leftarrow \prod g_i(x)$

Step 10: $B(x) \leftarrow B_j(x)$, of minimal degree

return $B(x) \in Q[x, z]/f(z)$, a polynomial whose roots form a minimal block of
imprimitivity containing $z$

Theorem 3.8: If $f(x) \in Z[x]$ of degree $n$ is irreducible, Algorithm 3.1 computes $B(x)$ a
polynomial in $Z(\alpha)[x]$ whose roots $\alpha_1, \ldots, \alpha_k$ are elements of a minimal block of imprimitivity
containing $\alpha$. It does so in the time required to factor $f(x)$ over $Q[z]/f(z)$ and to calculate
$n^3$ gcd's of polynomials of degree less than $\deg(f(x))$ and with coefficient size less than
$[\![f(x)]\!]^{n^2}$ over a field containing two roots of $f(z)$.

proof: By Proposition 2.2, Step 1 determines a primitive element for $Q[y, z]/(f(z), g_j(y))$.
By Theorem 2.1, Step 2 factors $f(x) = \prod g_i(x)$ over $Q[z]/f(z)$. In Corollary 3.4 we
demonstrated that the fixed points of $G_z$ (which correspond exactly to the constant terms
of the linear factors of $f(x)$ over $Q[x, z]/f(z)$) form a block. The induced action of $G_z$ on the
minimal block can be determined from the Cayley table. Step 3 also computes a minimal
block (which is trivial) for the case when $G$ is a group of order $p$ acting on $p$ elements. Step
4 merely expresses the roots $y$ and $z$ of $f(x)$ in terms of a primitive element for the field
$Q[t]/G_j(t) = Q[y, z]/(f(z), g_j(t))$; a proof of correctness appears in [van der Waerden, p.
139]. Step 5 rewrites the factorization of $f(x)$ in $Q[z]/f(z)$ in terms of $Q[t]/(G_j(t))$, and also
expresses a factorization of $f(x)$ over $Q[y]/f(y)$ in terms of $Q[t]/G_j(t)$. Step 7 computes
the graph $\Gamma_j$. By Lemma 3.8, Step 9 yields a polynomial whose roots form the block of
imprimitivity

$$\Lambda = \{ \sigma(\alpha_1) \mid \sigma \in G_{\alpha_1} G_{\alpha_j} \}.$$

Using Proposition 3.6 we conclude that Step 10 gives a polynomial whose roots form a
minimal block containing $\alpha_1$.

Let us now analyze the running time. Recall $F(\log |g(t)|, m, \log [\![f(x)]\!], n)$ is the time
required to factor a polynomial of coefficient size $[\![f(x)]\!]$ and of degree $n$ over $O_K[x]$, where
$K = Q[t]/g(t)$, and $g(t)$ is a monic irreducible polynomial of degree $m$ over $Z$. We let
$GCD(\log [\![f(x)]\!], k, \log [\![g(x)]\!], l, \log |h(t)|, m)$ be the time required to compute the gcd of two
polynomials $f(x)$ and $g(x)$ in $K[x]$ of coefficient size $[\![f(x)]\!]$ and $[\![g(x)]\!]$ and of degree $k$ and
$l$ respectively, where $K = Q[t]/h(t)$, and $h(t)$ is a monic irreducible polynomial over $Z$.

Let $\deg(f(x)) = n$. Step 1 of the algorithm is a preprocessing step for factoring $f(x)$
over $Q[z]/f(z)$. Step 3 requires at most $n$ substitutions and polynomial divisions in addition
to the time required to find blocks in a group of order $n$. This can be done in $O(n \log n)$
steps [At]. We cycle through Step 4 at most $O(n)$ times. Computing $p_j(t)$ and $q_j(t)$ requires
one gcd over $Q[t]/G_j(t)$. Step 6 can be done in $O(n)$ steps. Step 7 is again a gcd, done at
most $O(n^2)$ times. Step 8 can be done in $O(n^2)$ steps [AHU]. The overall running time is
bounded by:

$$O(F(\log |f(x)|, n, \log [\![f(x)]\!], n) + n^3\, GCD(\log [\![f(x)]\!]^{n^2}, n, \log [\![f(x)]\!]^{n^2}, n, \log |f(x)|, n));$$

or, more simply, the time needed to find a minimal block of roots of $f(x)$ is the time needed
for one factorization of $f(x)$ over $Q[z]/f(z)$, plus the time needed for $n^3$ gcd's of factors of
$f(x)$ over a field containing two roots of $f(x)$. ∎

The Fundamental Theorem established the correspondence between fields and groups,
and we know now that the lattice of groups between $G_\alpha$ and $G$ is isomorphic to the lattice
of blocks of $G$ which contain $\alpha$. In the next chapter we see how to use the minimal blocks
of imprimitivity to obtain a tower of fields between $Q$ and $Q(\alpha)$. Having this tower of fields
will enable us to check solvability of the Galois group in polynomial time. We present a
generalization of Algorithm 3.1 in the next section.

3. A Corollary 

Another way to think about Algorithm 3.1 is that it computes the intersection of $Q(\alpha_1)$
and $Q(\alpha_2)$. Observe that $G_{\alpha_1}$ is the subgroup of $G$ belonging to the subfield $Q(\alpha_1)$, and
that $G_{\alpha_2}$ is the subgroup of $G$ belonging to $Q(\alpha_2)$. Then $G_{\alpha_1} G_{\alpha_2}$ is the subgroup of $G$
belonging to $Q(\alpha_1) \cap Q(\alpha_2)$ [Theorem B, Chapter 2]. In a similar way we can compute
$Q(\alpha) \cap Q(\beta)$ even when $\alpha$ and $\beta$ are not conjugate over $Q$.

There is a difficulty if we view the intersection in terms of the minimal polynomials for
$\alpha$ and $\beta$ over $Q$, since the minimal polynomial for $\beta$ over $Q$ may factor over $Q(\alpha)$, in which
case the intersection is ambiguous. In order for the problem to be well-defined, we must
have a description of a field containing $\alpha$ and $\beta$. The description $Q[x, y]/(f(x), h(y))$, where
$\alpha$ satisfies the irreducible polynomial $f(x)$ over $Q$, and $\beta$ satisfies the irreducible polynomial
$h(y)$ over $Q[x]/f(x)$, is well-defined. We present an algorithm which, given the polynomials
$f(x)$ and $h(x)$, computes the intersection of $Q(\alpha)$ and $Q(\beta)$.

Suppose $[Q(\alpha) : Q] = m$, and let $\alpha_1, \ldots, \alpha_m$ be the conjugates of $\alpha = \alpha_1$ over $Q$.
Suppose also that $\beta$ satisfies $h(x)$, an irreducible polynomial over $Q(\alpha)$, and assume that
the conjugates of $\beta$ over $Q(\alpha)$ are $\beta_1, \ldots, \beta_n$, with $\beta = \beta_1$. By Proposition 2.2, we know
there exists a $c$ less than $(mn)^2$ such that whenever $H(x) = N_\alpha(h(x - c\alpha))$ is squarefree,
then $H(x)$ is irreducible. If $\gamma = \beta + c\alpha$, then $Q(\gamma) = Q(\alpha, \beta)$. Furthermore, since the
degree of $H(x)$ is $mn$, and

the roots of $H(x)$ are precisely $\{ \beta_j + c\alpha_i \mid j = 1, \ldots, n;\ i = 1, \ldots, m \}$.

Let $Q(\rho)$ be the splitting field of $H(x)$ over $Q$, and let $G$ be its Galois group. Then
$Q(\rho) = Q(\alpha_1, \ldots, \alpha_m, \beta_1, \ldots, \beta_n)$, and $G_\alpha$ and $G_\beta$ are subgroups of $G$. They are the
subgroups belonging to $Q(\alpha)$ and $Q(\beta)$ respectively. Consider

$$H(x) = j_1(x) \cdots j_k(x) \text{ in } Q(\alpha)[x], \text{ and}$$

$$H(x) = k_1(x) \cdots k_l(x) \text{ in } Q(\beta)[x],$$

where the $j_i(x)$ and $k_j(x)$ are irreducible factors of $H(x)$ over $Q(\alpha)$ and $Q(\beta)$ respectively,
and $j_1(x) = h(x - c\alpha)$.

Let us define a graph $\Gamma$ with vertices, $V$, and edges, $E$, by:

$$V = \{ j_i(x) \} \cup \{ k_j(x) \}$$

$$E = \{ (j_i(x), k_j(x)) \mid \gcd(j_i(x), k_j(x)) \ne 1 \}$$

Again we compute the set of vertices $j_i(x)$ connected to $j_1(x)$, and we let

$$I(x) = \prod_{j_i(x) \text{ is connected to } j_1(x)} j_i(x)$$

and let $A = \{ \gamma_i \mid \gamma_i \text{ is a root of } I(x) \}$. We claim $A = \{ \sigma(\gamma_1) \mid \sigma \in G_\alpha G_\beta \}$. We observe:

Lemma 3.10: Let $\gamma_i$ be a root of $j_i(x)$ in $Q(\alpha)[x]$. Then the roots of $j_i(x)$ are precisely
$G_\alpha(\gamma_i)$.

It follows immediately that $\gcd(j_i(x), k_j(x)) \ne 1$ iff $G_\alpha(\gamma_i) \cap G_\beta(\gamma_j) \ne \emptyset$, where $\gamma_i$ is a root of
$j_i(x)$ and $\gamma_j$ is a root of $k_j(x)$. This implies:

Lemma 3.11: Let $\gamma_i$ be a root of $j_i(x)$ in $Q(\alpha)[x]$. Then $\gamma_i \in A = \{ \sigma(\gamma_1) \mid \sigma \in G_\alpha G_\beta \}$
iff $j_i(x)$ is connected to $j_1(x)$.

To compute the intersection of $Q(\alpha)$ with $Q(\beta)$, we factor $H(x)$ over $Q(\alpha)$ and $Q(\beta)$,
and compute a connected component in the same way as we did in Algorithm 3.1. This
gives us the algorithm INTERSECTION, which runs in polynomial time.

Algorithm 3.2 INTERSECTION

input: $f(x) \in Z[x]$ and $h(x) \in Q[z]/f(z)$, where $f(x)$ is monic and irreducible over
$Q$, and $h(x) \in Q[z]/f(z)$ is an irreducible factor of $g(x)$, which is a monic
irreducible polynomial over $Z$

Step 1: Find $c \ne 0$ such that $N_z(h(x - cz))$ is squarefree and factor:

$$H(x) = N_z(h(x - cz)) = \prod_{i=1}^{k} j_i^z(x) \text{ over } Q[z]/f(z),$$

[At most $(mn)^2$ $c$'s in $Z$ do not satisfy this condition, where $m = \mathrm{degree}(f(x))$
and $n = \mathrm{degree}(h(x))$.]

Step 2: Factor $H(x) = \prod_{i=1} k_i^w(x)$ over $Q[w]/g(w)$

Step 3: $q(t) \leftarrow$ constant term of $\gcd(f(x), g(t - cx))$ over $Q[t, x]/H(t)$

$p(t) \leftarrow (t - c\,q(t))$

[This computes $z$ and $w$ in terms of a primitive element for the field
$Q[z, w]/(f(z), h(w))$ which is isomorphic to $Q[t]/H(t)$.]

Step 4: For t = 1, . . ., /, do: 

#(») - #%) 
Step 5: For j = 1, . . ., f, do: 

[This rewrites the factorizations of $H(x)$ over $Q[z]/f(z)$ and $Q[w]/g(w)$ as
factorizations over $Q[t]/H(t)$.]

Step 6: Compute $\Gamma = (V, E)$, a graph with vertices, $V$, and edges, $E$, given by:

$$V = \{ j_i^t(x) \} \cup \{ k_j^t(x) \}$$

$$E = \{ (j_i^t(x), k_j^t(x)) \mid \gcd(j_i^t(x), k_j^t(x)) \ne 1 \}$$

Step 7: Compute $Y = \{ i \mid j_i^t(x) \text{ is connected to } j_1^t(x) = h(x) \text{ in } \Gamma \}$

Step 8: $B(x) \leftarrow \prod_{i \in Y} j_i^t(x)$

return: $B(x) \in Q[x, z]/(f(z))$, a polynomial whose coefficients determine the field
$Q[x]/f(x) \cap Q[x]/g(x)$

It follows from Lemmas 3.10 and 3.11 that Algorithm 3.2 correctly computes a polynomial
whose coefficients determine the intersection of $Q[x]/f(x)$ with $Q[x]/g(x)$. The running
time of Algorithm 3.2 is dominated by the time required by the factorization required in
Step 2. The proof is quite similar to that of Theorem 3.9, and we do not repeat it here.

Theorem 3.12: If $f(x)$ in $Z[x]$ is monic and irreducible of degree $n$, and $h(x) \in
Q[z, x]/f(z)$ is an irreducible factor of $g(x)$, a monic irreducible polynomial over $Z$, then
Algorithm 3.2 determines the intersection of $Q[x]/f(x)$ and $Q[x]/g(x)$, where $Q[x]/f(x)$ and
$Q[x]/g(x)$ are contained in $Q[x, y]/(f(x), h(y))$. Suppose the degree of $h(x)$ is $m$. Then
Algorithm 3.2 works in $O(F(\log |f(x)|, n, \log |N_{(Q[z]/f(z))/Q}(h(x - cz))|, (nm)^2))$ steps, where
$c$ is an integer less than $(mn)^2$.
Chapter IV

Determining Solvability

1. The Fields Between $Q$ and $Q(\alpha)$

Let $f(x)$ be a monic irreducible polynomial over $Z$ with roots $\alpha_1, \ldots, \alpha_m$, and Galois
group $G$. Suppose $B_1 = \{ \alpha_1, \ldots, \alpha_{k_1} \}$ is a minimal block of imprimitivity containing $\alpha_1$,
and let

$$h_1(x) = \prod_{i=1}^{k_1} (x - \alpha_i) = x^{k_1} + \beta_{k_1 - 1} x^{k_1 - 1} + \ldots + \beta_0 .$$

We define $F_1 = Q(\beta_0, \beta_1, \ldots, \beta_{k_1 - 1})$. In Lemma 4.1 we show that $F_1$ is the fixed field of
$G_{B_1}$. Then the minimum polynomial for $\alpha = \alpha_1$ over $F_1$ is $h_1(x)$. This is easy to see, for

(1): $[Q(\alpha) : F_1] = [Q(\alpha_1, \ldots, \alpha_m) : F_1] / [Q(\alpha_1, \ldots, \alpha_m) : Q(\alpha_1)] = |G_{B_1}| / |G_\alpha| = k_1$,
and

(2): $\alpha_1$ satisfies $h_1(x)$, a polynomial over $F_1$.

We first observe that since $B_1$ was chosen as a minimal block containing $\alpha_1$, the Galois
group of $Q(\alpha_1)$ over $Q$((elementary) symmetric functions in $\{ \alpha_1, \ldots, \alpha_{k_1} \}$) acts primitively
on the roots of $h_1(x)$. This is shown in Lemma 4.1. Next we consider a tower of fields,
$F_i$, between $Q$ and $Q(\alpha)$, where $\alpha$ is a root of $f(x)$ and has conjugates $\alpha_2, \ldots, \alpha_m$, with
$\alpha = \alpha_1$. The subgroup of $G$ determined by $Q(\alpha)$ is $G_\alpha$. Each subfield between $Q$ and $Q(\alpha)$
corresponds to a subgroup of $G$ which contains $G_\alpha$. Finally, each subgroup corresponds to
a block of imprimitivity containing $\alpha$. This statement can be made more precise.

Lemma 4.1: Let $K$ be a field, and let $f(x)$ with roots $\alpha_1, \ldots, \alpha_m$ be an irreducible
polynomial over $K[x]$. Let $B = \{ \alpha_1, \ldots, \alpha_k \}$ be a block of the roots. Then
$K(\alpha_1, \ldots, \alpha_m)^{G_B} = K(\text{symmetric functions in } \{ \alpha_1, \ldots, \alpha_k \})$.

proof: We proceed by induction. Assume that $B$ is a maximal block of roots containing
$\alpha_1$, and let $F$ denote $K(\alpha_1, \ldots, \alpha_m)^{G_B}$. First we note that $[F : K] = [G : G_B] =
|\Omega| / |B| = m/k$. The first equality follows from part (4) of the Fundamental Theorem
of Galois Theory. The second is a consequence of the First Isomorphism Theorem applied
to a mapping from $G$ onto an induced action on $B, \sigma_2 B, \ldots, \sigma_l B$, a complete block
system. It is clear that $K(\text{symmetric functions of } \{ \alpha_1, \ldots, \alpha_k \}) \subset F$. We show that
$[K(\text{symmetric functions of } \{ \alpha_1, \ldots, \alpha_k \}) : K] = m/k$ to complete the proof.

[Figure 4.1: The Fields Between $K$ and $K(\alpha)$ and Corresponding Groups]

Let $a_0, a_1, \ldots, a_k$ be the symmetric functions evaluated at $\{ \alpha_1, \ldots, \alpha_k \}$. Let $\rho_1 = a_0 +
c_1 a_1 + \ldots + c_k a_k$ be a primitive element for $K(\text{symmetric functions in } \{ \alpha_1, \ldots, \alpha_k \})$ over
$K$, where the $c_i$'s are in $Z$. (Note that the $c$'s can be chosen less than $m^3$.) If we let $\rho_i =
\sigma_i(\rho_1)$, then $p(x) = \prod_{i=1}^{m/k} (x - \rho_i)$ has coefficients over $K$. If $q(x)$ is a factor of $p(x)$ over $K$, then
$q(x) = \prod_j (x - \rho_j)$. In this case, the $\bigcup_j \sigma_j B$ form a block, contradicting the maximality
of the block $B$. We conclude that $p(x)$ is irreducible. Thus $\rho_1$ satisfies an irreducible
polynomial of degree $m/k$ over $K$, and $[K(\text{symmetric functions in } \{ \alpha_1 \ldots \alpha_k \}) : K] = m/k$.

Now any block will be maximal over an appropriate subfield; assume inductively that
$B$ is a maximal block over $L = K(\text{symmetric functions in } \{ \alpha_1 \ldots \alpha_{jk} \})$. Let $H$ be the
induced action of $G$ on $\{ \alpha_1 \ldots \alpha_{jk} \}$, $B = \{ \alpha_1, \ldots, \alpha_k \}$ be the maximal block, and $F =
L(\alpha_1, \ldots, \alpha_{jk})^{H_B}$. As before, $[F : L] = |H| / |H_B| = |\{ \alpha_1, \ldots, \alpha_{jk} \}| / |\{ \alpha_1 \ldots \alpha_k \}| = j$. If
we define $\rho_1$ as a primitive element for $F$, it will satisfy an irreducible polynomial of degree
$j$ over $L$, by the same arguments as before. Thus

$$F = L(\text{symmetric functions in } \{ \alpha_1 \ldots \alpha_k \})$$
$$= K(\text{symmetric functions in } \{ \alpha_1 \ldots \alpha_{jk} \}, \text{ symmetric functions in } \{ \alpha_1 \ldots \alpha_k \})$$
$$= K(\text{symmetric functions in } \{ \alpha_1 \ldots \alpha_k \})$$

since $\{ \alpha_1, \ldots, \alpha_k \}$ is a subblock of $\{ \alpha_1, \ldots, \alpha_{jk} \}$. ∎

This means that all the fields $F_i$, $Q = F_k \subset F_{k-1} \subset \ldots \subset F_1 \subset F_0 = Q(\alpha)$
can be described as $Q(\text{symmetric functions in elements of } B)$, where $B$ is a block of roots
containing $\alpha$. We have already observed that if $B$ is a minimal block, and if $G_1$ is the Galois
group for $f(x)$ over $Q(\text{symmetric functions in elements of } B)$, then $G_1$ acts primitively on
the roots of $f(x)$. We would like to find a set of elements $\rho_i$, $i = 1, \ldots, k$, such that if
$g_i(y)$ is the minimal polynomial for $\rho_i$ over $Q(\rho_{i+1})$, then the Galois group $G_i$ of $g_i(y)$ over
$Q(\rho_{i+1})$ acts primitively on the roots of $g_i(y)$. These elements $\rho_i$ will be primitive elements
for $F_i$ over $Q$, i.e. $F_i = Q(\rho_i)$. We already have a description of the $F_i$ from Lemma
4.1; what we seek is a succinct description. We would like a set of $\rho_i$'s whose minimal
polynomials over $Q$ have polynomial length coefficients. (Since $Q(\rho_i) \subset Q(\alpha)$ for each $i$,
we know that the degree of $g_i(y)$ is less than $n$.) We will describe the $\rho_i$'s in terms of their
minimal polynomials, $h_i(x)$, over $Q$. There is an inherent ambiguity as to which root of
$h_i(x)$ we are referring, but this difficulty is resolved by linking the fields $Q(\rho_i)$ and $Q(\rho_{i+1})$
through the polynomial $g_i(y)$.

Of course we could determine $F_1$ by calling BLOCKS on $f(x)$. Then if

$$h_1(x) = x^{k_1} + \beta_{k_1 - 1} x^{k_1 - 1} + \cdots + \beta_0$$

is the polynomial described earlier, $F_1 = Q(\beta_0, \ldots, \beta_{k_1 - 1})$, and $\rho_1 = \beta_0 + c_1 \beta_1 + \cdots +
c_{k_1 - 1} \beta_{k_1 - 1}$, each $c_i \in Z$, can be quickly found by Proposition 2.2.

Let o\,...,Oj G G be such that aiBi,...,OjB u where ctj is the identity, form a 
complete block system for G acting on { ai, . . ., a m }, and suppose that gi(x) is the minimal 
polynomial for pi over Q. Then gi(x) is of degree m/fc t = j. We know that ff(hi(z)) = 
hi{x) for a in G\. If 0, = fft(pi), * = 1.--J. then ai(/h(pi)) = 0, implies that ai(pi) = 0i 
is a root of h\{x). Applying blocks to gi{x), returns a polynomial: 

whose roots {^i, . . ., ffjt 2 Pi } f° rm a minimal block containing p\. Then 

F 2 = 0(^,-1,..., /?o) 

= ^(symmetric functions in { $i, . . ., 0y }) 

= ^(symmetric functions in { symmetric functions in { ati, . . .,«&, }, . . . 
. . ., symmetric functions in ay{ ai, . . ., a*, } }). 

But $Q(\beta_{k_2 - 1}, \ldots, \beta_0)$ is a cumbersome way to name $F_2$; we would like to name $F_2$ in terms
of the original roots of $f(x)$, $\alpha_1, \ldots, \alpha_m$. Fortunately, there is a simple way to do this.

Lemma 4.2: Let $f(x) \in Q[x]$ be irreducible with roots $\alpha = \alpha_1, \ldots, \alpha_m$, and Galois group
$G$. Let $Q(\rho), Q(\tau)$ be subfields of $Q(\alpha)$, with $Q(\tau) \subset Q(\rho)$, and let $h_1(x)$ be an irreducible
factor of $f(x)$ in $Q(\rho)[x]$. Then the roots of $h_1(x)$, $\alpha_1, \ldots, \alpha_{k_1}$, form a block $B_1$. The set of
roots of $N_{Q(\rho)/Q(\tau)}(h_1(x))$ form a block of $\alpha_1, \ldots, \alpha_m$ which contains $B_1$. Let $g(x)$ be the
minimal polynomial for $\rho$ over $Q(\tau)$. If the Galois group of $g(x)$ over $Q(\tau)$ acts primitively
on the roots of $g(x)$, the roots of $N_{Q(\rho)/Q(\tau)}(h_1(x))$ form a minimal block containing $B_1$.

proof: Because the fields $Q(\tau), Q(\rho)$ are subfields of $Q(\alpha)$, we know that $Q(\rho) =
Q(\text{symmetric functions in elements of } B)$, $Q(\tau) = Q(\text{symmetric functions in elements of } B_2)$,
where $B, B_2$ are blocks of $\{ \alpha_1, \ldots, \alpha_m \}$. However $h_1(x)$ is irreducible over $Q(\rho)[x]$ with
roots $\alpha_1, \ldots, \alpha_{k_1}$, so it must be the case that $B = B_1$. Furthermore, $Q(\tau) \subset Q(\rho)$ implies
$B_1 \subset B_2$. We consider the induced action of $G$ on $B_2$, and let $\sigma_1 B_1, \ldots, \sigma_{k_2} B_1$ be a complete
block system for $B_1$ in $B_2$, with $\sigma_1$ equal to the identity, and the $\sigma_i$'s in $G$.

Then if $g(x)$ is the minimal polynomial for $\rho$ over $Q(\tau)$,
In particular,

$$N_{Q(\rho)/Q(\tau)}(h_1(x)) = \prod_i \sigma_i(h_1(x))
= \prod_i \sigma_i\Big( \prod_{\alpha_j \in \text{minimal block}} (x - \alpha_j) \Big)
= \prod_j \; \prod_{\alpha_i \in \text{minimal block } \sigma_j B_1} (x - \alpha_i)
= \prod_{i=1}^{k_1 k_2} (x - \alpha_i)$$

will give a polynomial whose roots $\alpha_1, \ldots, \alpha_{k_1 k_2}$ are a block of $\alpha_1, \ldots, \alpha_m$ which contains
$\alpha_1, \ldots, \alpha_{k_1}$. If the Galois group of $g(x)$ over $Q(\tau)$ acts primitively on the roots of $g(x)$, then
$B_1$ is a minimal block of $B_2$. ∎

This lemma allows us to compute the blocks of $\alpha_1, \ldots, \alpha_n$ directly. Recall that the
coefficients of $B(x)$, $\beta_{k_2 - 1}, \ldots, \beta_0$, are elements of $Q[y]/h_1(y) = Q(\rho)$, and that $Q(\beta_{k_2 - 1}, \ldots, \beta_0)
= Q(\tau)$ is a subfield of $Q(\rho)$. If $\gamma_0, \ldots, \gamma_{k_1 k_2 - 1}$ are the symmetric functions in $\alpha_1, \ldots, \alpha_{k_1 k_2}$,
again we can determine

$$\rho_2 = \gamma_0 + c_1 \gamma_1 + \cdots + c_{k_1 k_2} \gamma_{k_1 k_2},$$

where $Q(\rho_2) = Q(\gamma_0, \ldots, \gamma_{k_1 k_2})$, and the $c_i$'s are integers less than $n^4$. We let $h_2(x)$ be the
minimal polynomial for $\rho_2$ over $Q$.

We have found fields $F_1 = Q(\rho_1) = Q[x]/h_1(x) = Q[x, y]/(h_2(x), g_1(y))$ and $F_2 =
Q(\rho_2) = Q[x]/h_2(x)$ such that

1) the Galois group of $f(x)$ over $Q(\rho_1)$ acts primitively on the roots of $f(x)$,

2) the Galois group of $h_1(x)$ over $Q(\rho_2)$ acts primitively on the roots of $h_1(x)$.

We may now repeat this process with $h_2(x)$ playing the same role as $h_1(x)$ did, and
determine a minimal block of roots of $h_2(x)$. Iterating this process until BLOCKS($h_i(x)$)
returns a polynomial in $Q[x]$ determines a set of fields $F_i = Q(\rho_i)$, $i = 1, \ldots, k$, such that
if $g_i(y)$ is the minimal polynomial for $\rho_i$ over $Q(\rho_{i+1})$, and $G_i$ is the Galois group of $g_i(y)$
over $Q(\rho_{i+1})$, then $G_i$ acts primitively on the roots of $g_i(y)$. Furthermore $F_0 = Q(\alpha)$, and
$F_k = Q$.
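
The same block-and-quotient iteration can be watched on the group side when generators of $G$ are known. The Python below is an added example, not code from the thesis: it closes a pair of points under the generators with union-find to get the smallest block containing them, picks a minimal block through point 0, and repeats on the induced action on the block system, returning the degrees of the successive primitive layers. The function names and sample groups are assumptions made for the illustration (that $D_4$ on four points is the Galois group of $x^4 - 2$ on its roots is a standard fact, not from the page); the thesis itself finds blocks from factorizations of $f$, without knowing $G$.

```python
def block_partition(generators, n, a, b):
    """Finest partition of 0..n-1 preserved by every generator in which a and b
    share a class. Permutations are tuples: g[x] is the image of point x.
    Returns a list mapping each point to the representative of its class."""
    parent = list(range(n))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    pending = [(a, b)]
    while pending:
        x, y = pending.pop()
        rx, ry = find(x), find(y)
        if rx == ry:
            continue
        parent[ry] = rx
        # Invariance: once x ~ y, every generator image g(x) ~ g(y) must hold too.
        pending.extend((g[x], g[y]) for g in generators)
    return [find(x) for x in range(n)]


def minimal_block_system(generators, n):
    """For a transitive group: (block size, class labels) of a minimal block
    through point 0, or None when only trivial blocks exist (primitive action)."""
    best = None
    for b in range(1, n):
        labels = block_partition(generators, n, 0, b)
        size = labels.count(labels[0])
        if size < n and (best is None or size < best[0]):
            best = (size, labels)
    return best


def tower_degrees(generators, n):
    """Degrees of the primitive layers, innermost block first; their product is n."""
    degrees = []
    while n > 1:
        found = minimal_block_system(generators, n)
        if found is None:          # primitive: the chain stops here
            degrees.append(n)
            break
        size, labels = found
        degrees.append(size)
        # Induced action on the block system: renumber the blocks 0..n/size-1.
        index = {rep: i for i, rep in enumerate(sorted(set(labels)))}
        quotient = []
        for g in generators:
            image = [0] * len(index)
            for x in range(n):
                image[index[labels[x]]] = index[labels[g[x]]]
            quotient.append(tuple(image))
        generators, n = quotient, len(index)
    return degrees


# Constructed sample groups acting on points 0..n-1.
D4 = [(1, 2, 3, 0), (0, 3, 2, 1)]   # rotation and reflection of a square
C6 = [(1, 2, 3, 4, 5, 0)]           # cyclic group of order 6
S4 = [(1, 2, 3, 0), (1, 0, 2, 3)]   # symmetric group, primitive on 4 points

if __name__ == "__main__":
    for name, gens, n in (("D4", D4, 4), ("C6", C6, 6), ("S4", S4, 4)):
        print(name, tower_degrees(gens, n))
```

For $D_4$ the block $\{0, 2\}$ corresponds to the pair $\pm\sqrt[4]{2}$, so the two layers of degree 2 are the tower $Q \subset Q(\sqrt{2}) \subset Q(\sqrt[4]{2})$.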
We give a simple argument to show that the $h_i(x)$ have succinct descriptions. Although
the bound we give is not best possible, it is an easy argument which demonstrates that
the polynomials have polynomial size descriptions. The polynomial $f(x)$ is monic with
coefficients in $Z$, which means that $\alpha_1, \ldots, \alpha_m$ are algebraic integers. Since any sum or
product of algebraic integers is also an algebraic integer, we know that the roots of $h_1(x)$
and $h_2(x)$ are algebraic integers. Therefore it suffices to show that $|h_i(x)|$ is polynomially
bounded in order to know that $h_i(x)$ is polynomially bounded in length of description. Now
$h_i(x)$ is the minimal polynomial for $\rho_i = \beta_0 + c_1 \beta_1 + \ldots + c_k \beta_k$ over $Z$, where the $\beta_j$ are
symmetric functions of the $\alpha_1, \ldots, \alpha_m$, and $k < m$. Then

$$|\beta_j| \le \sum_{\text{all subsets of } k \text{ distinct roots}} \; \prod_{\alpha_{i_j} \in \{\alpha_1, \ldots, \alpha_m\}} |\alpha_{i_j}|
\le 2^m \max_{\alpha_{i_j} \in \{\alpha_1, \ldots, \alpha_m\}} |\alpha_{i_1} \cdots \alpha_{i_k}|
\le 2^m |\alpha|^m .$$

This yields the following bound on the $\rho_i$'s:

$$|\rho_i| < m \cdot \max_i |c_i| \cdot \max_j |\beta_j| < m \cdot m^4 \cdot 2^m |\alpha|^m = M .$$

If

$$h_i(x) = \prod_{\rho_j \text{ a conjugate of } \rho_i \text{ over } Q} (x - \rho_j),$$

we conclude that $|h_i(x)| < (2M)^m$. Using Weinberger and Rothschild [Theorem 1.3], we
can also obtain a bound on the coefficients of $g_i(y)$. Recall that

$$g_i(y) = \prod_{\alpha_j \text{ a conjugate of } \alpha_1 \text{ over } Q(\rho_i)} (y - \alpha_j)$$

Thus if $g_i(y) = y^k + \gamma_{k-1} y^{k-1} + \cdots + \gamma_0$, the $\gamma$'s are algebraic integers, and are elements
of $Q(\rho_i)$. With

and d = disc(/ii(x)), by Theorem 1.3 we have 

\9ij\ < m!I/(»)riM*)r" < ™\\f[x)f m \ 
a rough bound which is sufficient for our purposes. Since $|\rho_i| < M$,

$$\mathrm{disc}(h_i(x)) < (2M)^{m^2} < |f(x)|^{m^3},$$

and consequently,

$$|g_i(x)| < m!\,|f(x)|^{m^4} .$$

We have shown:

3) $|h_i(x)| < |f(x)|^{2m^3}$ for $i = 1, 2$, and

4) $|g_i(x)| < m!\,|f(x)|^{m^4}$.

In the next section we present an algorithm for determining the $h_i(x)$ and $g_i(y)$, along
with a proof of correctness and an analysis of running time.

2. An Algorithm 

Algorithm 4.1 FIELDS

input: $f(x) \in Z[x]$, a monic, irreducible polynomial

Step 1: $i \leftarrow 1$

$C^z(t) \leftarrow$ BLOCKS($f(z)$)

$g_0(t) = t^l + c_{l-1}(z) t^{l-1} + \ldots + c_0(z) \leftarrow C^z(t)$

[$C^z(t)$ will be the polynomial whose norm we compute in order to determine
the chain of fields.]

Step 2: While $C^z(t) \notin Q[t]$, do steps 3-17
Else go to return

Step 3: $t^k + a_{k-1}(z) t^{k-1} + \ldots + a_0(z) \leftarrow C^z(t)$

Step 4: $\beta(z) \leftarrow a_0(z)$

Step 5: For $j = 1, \ldots, k - 1$, do:

While $a_j(z) \notin \{ 1, \beta(z), \ldots, \beta^{m-1}(z) \}$, do:

$\beta(z) \leftarrow \beta(z) + a_j(z)$

[This computes an element $\beta(z)$ such that $Q[a_{k-1}(z), \ldots, a_0(z)]/f(z) \cong Q[\beta(z)]/f(z)$.]
Step 6: $l \leftarrow 1$

Step 7: While $\{ 1, \beta(z), \ldots, \beta^l(z) \}$ is a linearly independent set over $Q$, do:
$l \leftarrow l + 1$

Step 8: Else if $\beta^l(z) + d_{l-1} \beta^{l-1}(z) + \ldots + d_0 = 0$,
$h_i(x) \leftarrow x^l + d_{l-1} x^{l-1} + \ldots + d_0$
[This determines the minimal polynomial for $\beta(z)$ over $Q$; we have $Q[\beta(z)]/f(z) \cong
Q[x]/h_i(x)$.]

Step 9: For $j = 0, \ldots, l - 1$, do:

Find $p_j(x)$ such that $p_j(\beta(z)) = c_j(z)$

Step 10: $g_{i-1}(y) \leftarrow y^l + p_{l-1}(x) y^{l-1} + \ldots + p_0(x)$
[Then $Q[t]/h_{i-1}(t) \cong Q[x, y]/(h_i(x), g_{i-1}(y))$.]

Step 11: For $j = 0, \ldots, k - 1$, do:

Find $q_j(x)$ such that $q_j(\beta(z)) = a_j(z)$.

Step 12: $C^x(t) \leftarrow t^k + q_{k-1}(x) t^{k-1} + \ldots + q_0(x)$

[This expresses $C^z(t)$, a polynomial in $Q[\beta(z)]/f(z) \cong Q[x]/h_i(x)$, in terms of
the element $x$.]

Step 13: $B^x(t) \leftarrow$ BLOCKS($h_i(x)$);

$t^l + b_{l-1}(x) t^{l-1} + \ldots + b_0(x) \leftarrow B^x(t)$

Step 14: For $j = 0, \ldots, l - 1$, do:

[This will allow us to express $B^x(t)$ as a polynomial with coefficients which are
polynomials in $z$ and which has root $x$.]

Step 15: $B^z(x) \leftarrow x^l + c_{l-1}(z) x^{l-1} + \ldots + c_0(z)$

Step 16: $C^z(t) \leftarrow \mathrm{Res}_x(B^z(x), C^x(t))$

Step 17: $i \leftarrow i + 1$
return: $\{ h_i(x), g_{i-1}(y) \mid i = 1, \ldots, r \}$, where

1) $Q[x, y]/(h_1(x), g_0(y)) \cong Q[z]/f(z)$

2) $h_i(x) \in Q[x]$, and $g_{i-1}(y) \in Q[x, y]/h_i(x)$, for $i = 1, \ldots, r$

3) The Galois group of $g_{i-1}(y)$ over $Q[x, y]/h_i(x)$ acts primitively on the roots
of $g_{i-1}(y)$

4) The Galois group of $h_r(x)$ over $Q$ acts primitively on the roots of $h_r(x)$.

Theorem 4.3: Let $f(z) \in Z[z]$ of degree $m$ be irreducible. Algorithm 4.1 computes
$\{ h_i, g_{i-1} \mid i = 1, \ldots, r \}$ which satisfy conditions 1, 2, 3 and 4 above. Let BLOCKS($g(x)$)
be the running time for BLOCKS on input $g(x)$. Then the running time for FIELDS is
$O(\log m \cdot \mathrm{BLOCKS}(g(x)))$, where $\mathrm{degree}(g(x)) < m$, and $|g(x)| < m!\,|f(x)|^{m^3}$.

proof: We consider the first iteration of Algorithm 4.1. Step 1 computes $C^z(t) =
t^l + c_{l-1} t^{l-1} + \ldots + c_0(z)$, whose roots $z_1, \ldots, z_k$ form a minimal block of imprimitivity
containing $z = z_1$. If $C^z(t) \in Q[t]$, then the Galois group of $f(z)$ over $Q$ acts imprimitively
on the roots of $f(z)$, and we are done. Otherwise we compute a primitive element $\beta(z)$
for the field $Q[a_{k-1}(z), \ldots, a_0(z)]/f(z)$ in Steps 4 and 5. That Steps 4 and 5 do so correctly
is immediate from van der Waerden [vdW, p.139]. In Steps 6-8, we compute the minimal
polynomial $h_1(x)$ for $\beta(z)$ over $Q$.

Now that we have a primitive element, $x$, for $Q[a_{k-1}(z), \ldots, a_0(z)]/f(z)$, we can rewrite
$C^z(t)$ as $C^x(t)$, a polynomial over $Q[x]/h_1(x)$. This is done in Steps 9 and 10. Note that
this means $Q[t]/h_0(t) \cong Q[x, y]/(h_1(x), g_0(y))$. Steps 11 and 12, in the case of $i = 1$, are
redundant. Observe that $C^x(t)$ has the same value before and after these two steps.

Next we call BLOCKS on $h_1(x)$. Let BLOCKS($h_1(x)$) $= t^k + b_{k-1}(x) t^{k-1} + \ldots + b_0(x) =
B^x(t)$. By the minimality of the block, the Galois group of $h_1(x)$ over $Q[b_{k-1}(x), \ldots, b_0(x)]/h_1(x)$
acts primitively on the roots of $h_1(x)$. We know that $Q[b_{k-1}(x), \ldots, b_0(x)]/h_1(x) =
Q(\text{symmetric functions in } z_1, \ldots, z_l)$ for some block $z_1, \ldots, z_l$. We find this block.

Let $x$ be a root of $h_1(t)$. Then $x$ is a root of $B^x(t)$. If we rewrite $B^x(t)$ as $B^z(t)$, a
polynomial with coefficients in $Q[z]/f(z)$, $x$ remains a root. Recall Lemma 4.2, and the
discussion which followed it. Since $x$ is a root of $B^x(t)$, the roots of

$$N_{(Q[x]/h_1(x))/(Q[b_{k-1}(x), \ldots, b_0(x)]/h_1(x))}(C^x(t)) = N_{Q(\rho_1)/Q(\rho_2)}(C^x(t)) = C^z(t)$$

are a block containing $B_1$. Because the Galois group of $h_1(x)$ over $Q[b_{k-1}(x), \ldots, b_0(x)]/h_1(x)$
acts primitively on the roots of $h_1(x)$, the roots of $C^z(t)$ are a minimal block containing
$B_1$. We can calculate this norm by a resultant. In order to do so, we express $B^x(t)$ as a
polynomial with coefficients in $Q[z, t]/f(z)$, $B^z(t)$. This is done in Steps 14 and 15. Since $x$
is a root of $B^z(t)$, Step 16 computes $C^z(t)$ correctly.

Inductively suppose Algorithm 4.1 has computed $\{ h_i(x), g_{i-1}(y) \mid i = 1, \ldots, k \}$ which
satisfy:

1) $Q[x, y]/(h_1(x), g_0(y)) \cong Q[z]/f(z)$

2) $h_i(x) \in Q[x]$ and $g_{i-1}(y) \in Q[x, y]/h_i(x)$, for $i = 1, \ldots, k$, and

3) The Galois group of $g_{i-1}(y)$ over $Q[x]/h_i(x)$ acts primitively on the roots of $g_{i-1}(y)$,

and that $C^z(t)$ is a polynomial whose roots are the elements of the block $B_{k+1}$. We
will show that a single iteration of Algorithm 4.1 will produce $h_{k+1}(x)$, $g_k(y)$, and a new
$C^z(t)$ which satisfy the above conditions.

If $C^z(t) \in Q[t]$, we are done, since then the roots of $C^z(t)$ are $z_1, \ldots, z_m$, and we have
satisfied conditions 1, 2, 3, and 4. Suppose $C^z(t) \notin Q[t]$. Then in Steps 3-5 we compute
a primitive element, $\beta(z)$, for $Q(\text{symmetric functions in the elements of } B_{k+1})$. In Steps 6
and 7 we determine $h_{k+1}(x)$, the minimal polynomial for $\beta(z)$ over $Q$.

Next we calculate $g_k(y)$. Since the Galois group of $B^z(x)$ over $Q[\beta(z)]/f(z)$ acts
primitively on the roots of $B^z(x)$, $B^z(t)$ is - almost - the $g_k(t)$ we want. The only difficulty
is that $B^z(t)$ is written as a polynomial with coefficients in $Q[z]/f(z)$. This is however, easily
circumvented, since $B^z(t)$ has coefficients which are in $Q[x]/h_{k+1}(x)$. We express them in
terms of $x$ in Step 9, and $g_k(y)$ in Step 10.

Now we are ready to find the next block. We seek to express $C^z(t)$ as a polynomial
over $Q[x]/h_{k+1}(x)$; we proceed in the same manner as we did for $g_k(y)$. We do so in
Steps 11-12. Then $B_{k+1}$ will consist of the roots of the norm of $C^z(t)$ over a subfield of
$Q[x]/h_{k+1}(x)$, namely a minimal subfield. We compute this subfield by calling BLOCKS
on $h_{k+1}(x)$; the subfield is determined by the symmetric functions of the elements of a
minimal block of roots of $h_{k+1}(x)$, or more simply, by the coefficients of the polynomial
returned by BLOCKS($h_{k+1}(x)$) in Step 13. In Steps 14 and 15 we rewrite the polynomial
$B^x(t)$ as a polynomial in the variable $t$ with coefficients in $Q[z]/f(z)$. Then by Lemma 4.2
the polynomial we are seeking is:

$$N_{(Q[x]/h_{k+1}(x))/(Q[b_{k+1}(x), \ldots, b_0(x)]/h_{k+1}(x))}\, C^x(t)$$
$$= N_{(Q[\beta(z)]/f(z))/(Q[b_{k+1}(x), \ldots, b_0(x)]/h_{k+1}(x))}\, C^x(t)$$
$$= \mathrm{Res}_x(B^z(x), C^x(t))$$
$$= C^z(t).$$

We are done. Let us now examine the running time.

Observe that Algorithm 4.1 is looped through at most $\log m$ times, since each iteration
produces a subfield between $Q$ and $Q(\alpha)$. Let us consider the running time necessary for
the first iteration.

The time needed for Step 1 is dominated by the call of BLOCKS on $f(z)$. Steps 2-4 take
constant time. The loop of Step 5 is passed through a maximum of $m$ times, with no more
than $\log m$ nontrivial executions. The computation $a_j(z) \in\!? \{ 1, \beta(z), \ldots, \beta^{m-1}(z) \}$ is done
at most $m^3$ times for each $a_j(z)$, with each test requiring no more than $O(m^3)$ steps. (This
is simply a linear algebra problem to test independence; the bound is due to [Edm].) Step
5 requires much less time than BLOCKS of Step 1.

The running time for Steps 6-12 is less than the time required for Step 5, and is therefore
dominated by Step 1. In Step 13, we call BLOCKS on $h_1(x)$, a factor of $f(x)$. The time
required for Steps 1-16 is dominated by the time required for Step 5. Thus the time required
for the first iteration is dominated by BLOCKS($h(x)$), where $h(x)$ is a factor of $f(x)$.

Subsequent iterations are dominated by this same factor, and there are at most $\log m$ of
them. Hence we conclude that the running time for FIELDS is less than $O(\log m \cdot \mathrm{BLOCKS}(g(x)))$,
where degree^*)) < m, and (f(x)] < lf(x)} m \ I 

3. The Fields Between $Q$ and $Q(\alpha)$ and Solvability

We can now determine all the fields between $Q$ and $Q(\alpha)$. This enables us to check
solvability by a simple divide-and-conquer observation. Let $Q(\beta)$ be a field such that
$Q \subseteq Q(\beta) \subseteq Q(\alpha)$. Every element in $Q(\alpha)$ can be written in radicals iff every element
of $Q(\beta)$ can be written in radicals over $Q$, and every element of $Q(\alpha)$ can be written in
radicals over $Q(\beta)$. The divide-and-conquer terminates when no more fields can be included
in the chain between $Q$ and $Q(\alpha)$, that is, when the Galois group of the normal closure of
$Q(\beta_{i-1})$ over $Q(\beta_i)$ acts primitively on the roots of the minimal polynomial of $\beta_{i-1}$ over
$Q(\beta_i)$.

[Figure 4.2: The Primitive Extensions Between $Q$ and $Q(\alpha)$]

We consider what this means group-theoretically. Suppose $\{ \beta_i \mid i = 1, \ldots, r + 1 \}$ are
such that if $g_i(y)$ is the minimal polynomial for $\beta_i$ over $Q(\beta_{i-1})$, then the Galois group of
$g_i(y)$ over $Q(\beta_{i-1})$ acts primitively on the roots of $g_i(y)$. If the set $\{ \gamma_i \mid i = 1, \ldots, r + 1 \}$
is chosen so that $Q(\gamma_i)$ is the splitting field for $Q(\beta_i)$ over $Q(\beta_{i-1})$, let $\{ \alpha_1, \ldots, \alpha_k \}$ be the
block of imprimitivity associated with Q{Pi), and let { otk+i, • • .,"2* }>••■»{ a (t— i)fc+i> • • •> «m }> 
be the conjugate blocks. Then, if QiBz), • ■ •, Q{0t) are the fields associated with the con- 
jugate blocks, we know that Q(0i) C Q{ii), for i = l,...,'f. This means that the 
Galois group H x of Q(ai,...,a m ) over £(71) fixes each of the Q{8i). Assume L t is the 
subgroup of the Galois group which fixes Q{0i). Clearly Hi C L\\ furthermore, H\ 
C (induced action of Li on (»!,... ,<**)*. If K\ is the Galois group of Q(ati,...,a k ) over 
$Q(\beta_1)$, then $H_1 \subset K_1^l$, and $H_1$ is solvable if $K_1$ is. The question of whether a particular
polynomial is solvable by radicals can be transformed into $\log m$ questions of solvability of
particular primitive groups: if $G_i$ is the Galois group of $Q(\beta_{i+1})$ over $Q(\beta_i)$, then $f(x)$ is
solvable by radicals iff $G_i$ is solvable for $i = 1, \ldots, r$.

Figure 4.3: $H_1 \subset K_1^l$

This is surprisingly easy to answer, for primitive solvable groups are highly structured,
which greatly limits their size.

Theorem 4.4 [Palfy]: If $G$ is a primitive solvable group which acts transitively on $n$
elements, then $|G| < 24^{-1/3} n^c$, for a constant $c = 3.24399\ldots$.

This result is sufficient for us to obtain a polynomial time algorithm for checking 
solvability by radicals. Although no algorithms which compute the Galois group in time 
polynomial in the size of the input are known, a straightforward bootstrapping method 
yields an algorithm whose running time is polynomial in the size of the group. 
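
How Theorem 4.4 turns into a stopping rule can be seen on small permutation groups. The Python below is an added example, not the thesis's algorithm: it enumerates a primitive group from generators, gives up as soon as the order passes Pálfy's bound, and otherwise decides solvability from the derived series. Assumptions: the closed form for $c$ is the standard one and is not stated on the page, the bound is treated as non-strict because it is attained at $n = 9$, and the function names and sample groups are constructed for the illustration.

```python
import math

# Palfy's constant; the page quotes c = 3.24399..., this closed form is an
# assumption taken from the standard statement of the theorem.
PALFY_C = 1 + math.log(48 * 24 ** (1 / 3), 9)


def palfy_bound(n):
    """Largest order a primitive solvable permutation group of degree n can have."""
    return math.floor(24 ** (-1 / 3) * n ** PALFY_C + 1e-9)


def compose(p, q):
    """Permutation 'p after q'; permutations are tuples of images of 0..n-1."""
    return tuple(p[q[i]] for i in range(len(q)))


def inverse(p):
    inv = [0] * len(p)
    for point, image in enumerate(p):
        inv[image] = point
    return tuple(inv)


def closure(generators, n, limit):
    """All elements of the group generated, or None once more than `limit` are found."""
    identity = tuple(range(n))
    seen = {identity}
    frontier = [identity]
    while frontier:
        next_frontier = []
        for g in frontier:
            for s in generators:
                h = compose(s, g)
                if h not in seen:
                    seen.add(h)
                    if len(seen) > limit:
                        return None
                    next_frontier.append(h)
        frontier = next_frontier
    return seen


def derived_subgroup(elements, n):
    """Subgroup generated by all commutators a b a^-1 b^-1."""
    commutators = {
        compose(compose(a, b), compose(inverse(a), inverse(b)))
        for a in elements
        for b in elements
    }
    return closure(list(commutators), n, len(elements))


def primitive_group_is_solvable(generators, n):
    """Solvability test for a group assumed primitive on n points (not checked here)."""
    group = closure(generators, n, palfy_bound(n))
    if group is None:
        return False          # too large to be primitive and solvable
    while len(group) > 1:
        derived = derived_subgroup(group, n)
        if len(derived) == len(group):
            return False      # a nontrivial perfect subgroup: series never reaches 1
        group = derived
    return True


# Constructed sample groups, all primitive on their point sets.
S4 = [(1, 2, 3, 0), (1, 0, 2, 3)]
S5 = [(1, 2, 3, 4, 0), (1, 0, 2, 3, 4)]
A5 = [(1, 2, 3, 4, 0), (1, 2, 0, 3, 4)]
AGL_1_5 = [(1, 2, 3, 4, 0), (0, 2, 4, 1, 3)]   # x -> x + 1 and x -> 2x mod 5

if __name__ == "__main__":
    for name, gens, n in (("S4", S4, 4), ("S5", S5, 5), ("A5", A5, 5), ("AGL(1,5)", AGL_1_5, 5)):
        print(name, palfy_bound(n), primitive_group_is_solvable(gens, n))
```

$S_5$ is rejected by the size cutoff alone, while $A_5$ (order 60, under the bound of 64 for $n = 5$) is small enough to enumerate and is rejected by the derived series.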

We factor $f(x)$ in $Q[y]/f(y)$. If $f(x)$ does not factor completely we adjoin a root of
$f(x)$, different from $y$, to $Q[y]/f(y)$, compute a primitive element, and factor $f(x)$ over the
new field. We continue this process until a splitting field for $f(x)$ is reached. In Section 4
we present this algorithm with a proof of correctness and an analysis of running time.

4. Another Algorithm 

Algorithm 4.2 GALOIS

input: $f(x) \in O_K[x]$, monic, irreducible of degree $m$ over $K = Q(\theta)$, where $\theta$ is an
algebraic integer of degree $l$ over $Q$, and $O_K$ is the ring of integers of $K$

Step 1: $g(y) \leftarrow f(y)$

Step 2: Find $c \ne 0$ such that $N_{(K[y]/g(y))/K}(f(x - cy))$ is squarefree

[Then $N_{(K[y]/g(y))/K}(f(x - cy))$ generates $K(\alpha, \beta)$ where $\alpha$ and $\beta$ are roots of
$g(y)$ and $f(x)$ respectively.]

Step 3: Factor $N_{(K[y]/g(y))/K}(f(x - cy)) = \prod_{i=1}^{k} G_i(x)$ over $K$

Step 4: If there is a $G_j(x)$ such that $\mathrm{degree}(G_j(x)) > \mathrm{degree}(g(x))$,
$g(y) \leftarrow G_j(y)$ and go to 2
Else $n \leftarrow \mathrm{degree}(g(y))$

Step 5: For $i = 1, \ldots, m$, do:

$f_i(x) \leftarrow \gcd_{K[y]/g(y)}(G_i(x + cy), f(x))$
$q_i(y) \leftarrow$ constant term of $f_i(x)$

Step 6: Factor $g(x) = \prod_{i=1}^{n} (x - p_i(y))$

Step 7: For $i = 1, \ldots, n$, do:
Step 8: For $j = 1, \ldots, m$, do:

If $p_i(q_j(y)) = q_l(y)$ in $Q[y]/g(y)$, $\tau_i(j) \leftarrow l$

[This just means that $\sigma_i(\alpha_j) = \alpha_l$, for $\alpha_j, \alpha_l$ roots of $f(x)$]

return: $\{ \tau_i \mid i = 1, \ldots, n \}$, and $g(y)$, where

1) $K[y]/g(y)$ is the splitting field for $f(x)$ over $K$, and

2) The $\tau_i$'s acting on $\alpha_1, \ldots, \alpha_m$, the roots of $f(x)$, form the Galois group of
$f(x)$ over $K$

Theorem 4.5: Let $f(x)$, a polynomial in $O_K[x]$, be monic and irreducible of degree $m$,
where $K = Q(\theta)$, $\theta$ is an algebraic integer of degree $l$ over $Q$, and $O_K$ is the ring of integers
of $K$. Algorithm 4.2 returns $g(y)$ and $\{ \tau_i \}$, where $K[y]/g(y)$ is the splitting field for $f(x)$
over $K$, and the $\{ \tau_i \mid i = 1, \ldots, n \}$ form the Galois group of $f(x)$ over $K$. It does so in
$O((|G| l)^{9 + \epsilon} (|G| \log |G|\,|f(x)| + l^3 \log |\theta|)^{2 + \epsilon})$ steps.

proof: The proof will be by induction. As before, we show correctness, and then analyze
running time. Without loss of generality, let us assume the roots of $f(x)$, $\alpha_1, \ldots, \alpha_m$,
are ordered so that there is a $t < m$, with $\alpha_{i+1} \notin K(\alpha_1, \ldots, \alpha_i)$ for $i < t$, and $\alpha_{i+1} \in
K(\alpha_1, \ldots, \alpha_t)$ for $i \ge t$. Each time we adjoin a root $\alpha_{i+1}$ of $f(x)$ to $K(\alpha_1, \ldots, \alpha_i)$, we will
compute a primitive element for $K(\alpha_1, \ldots, \alpha_{i+1})$ over $K$, and a minimal polynomial for that
element. In the algorithm we call these "$y$" and "$g(y)$" respectively; in the proof we call
the $i$th primitive element $\beta_i$, and its minimal polynomial over $K$, $g_i(y)$. Recall Proposition
2.2 which says that if $G_j(x)$ is an irreducible factor of $N_{(K[y]/g(y))/K}(f(x - cy))$, then
$K[z]/G_j(z) \cong K[x, y]/(g(y), f_j(x))$. We observe that it is not really necessary to factor $f(x)$
over $K(\beta)$ in order to determine if $f(x)$ splits into linear factors in that field. For, if $g(y)$
of degree $l$ is the minimal polynomial for $\beta$ over $K$, and $h(x) \in K[x, y]/g(y)$ is of degree $k$,
then $N_{(K[y]/g(y))/K}(h(x))$ is a polynomial of degree $lk$ over $K$. In particular, if $G_j(x)$ is an
irreducible factor of $N_{(K[y]/g(y))/K}(f(x - cy))$ in $K[x]$ which is of degree $m > \mathrm{degree}(g(y))$,
then $\gcd_{K[y]/g(y)}(G_j(x + cy), f(x))$ is nonlinear. This observation will save us the work of
factoring $f(x)$ until we reach a splitting field for $f(x)$ over $K$. We are now ready to proceed
with the proof.

We claim that each iteration of Steps 2-4 adjoins a root $\alpha_i$ of $f(x)$ to $K$ and computes
a primitive element, $\beta_i$, for $K(\alpha_1, \ldots, \alpha_i)$ over $K$. Suppose first that $f(x)$ is normal, that is,
$f(x)$ factors completely in $K[y]/f(y)$. In that case each of the $G_j(x)$'s will be of the same
degree as $f(y) = g(y)$, and we will fall through to the second part of the algorithm.

Next suppose that $f(x)$ is not normal, and adjoin a single root of $f(x)$ to $K$. Then at
least one of the irreducible factors of $f(x)$ in $K[x, y]/f(y)$ is not linear. If $f_j(x)$ is such a
factor, then $G_j(x) = N_{(K[y]/f(y))/K}(f_j(x - cy))$ is a factor of $N_{(K[y]/g(y))/K}(f(x - cy))$
whose degree is greater than the degree of $g(y)$. On the first iteration of Steps 2-4 let $\beta$ be a
root of $G_j(x)$, where $\beta = \alpha_1 + c\alpha_2$, where $c$ is an integer less than $(m^2 l)^2$. By Proposition
2.2, $K(\beta) = K(\alpha_1, \alpha_2)$. On subsequent iterations $\beta_{i+1}$ will be a root of (the new) $G_j(x)$,
an irreducible factor of $N_{(K[y]/g(y))/K}(f(x - cy))$. Then

$$K[y]/g(y) \cong K[y]/G_j(y) \cong K(\beta_{i+1}) \cong K(\beta_i, \alpha_{i+1})$$

by induction. We fall through to Step 5 only when $f(x)$ factors into linear factors in
$K[y]/g(y)$; equivalently, when we have adjoined $\{ \alpha_1, \ldots, \alpha_t \}$ to $K$, and have computed a
primitive element $y$ for $K(\alpha_1, \ldots, \alpha_t)$ over $K$. Then $K[y]/g(y)$ is the splitting field of $f(x)$
over $K$.

In Step 5, we factor 
t=l i=l 

over K[y]/g(y). In Step 6 we factor 

$$g(x) = \prod_{i=1}^{n} (x - p_i(y)).$$

(By the construction of g(y), we know that g(x) splits completely in K[y]/g(y).) 

The Galois group of $g(x)$ over $K$, $G$, is a group of order $n$ acting on $n$ elements; thus for
each $i$, $i = 1, \ldots, n$, there is a unique $\sigma_i \in G$ with $\sigma_i(1) = i$. The Galois group of $f(x)$ over $K$ is
the induced action of $G$ on the roots of $f(x)$, $\alpha_1, \ldots, \alpha_m$, which we write as $q_1(y), \ldots, q_m(y)$.
Without loss of generality we assume that $\sigma_i(1) = i$. An alternative way to say this is that
$\sigma_i(y) = p_i(y)$. Then $q_i(y)$ is the constant term of the $f_i(x)$, $\sigma_i(\alpha_j) = \sigma_i(q_j(y)) = p_i(q_j(y))$.
Let $\{\tau_i \mid i = 1, \ldots, n\}$ be the induced action of $G$ on $\alpha_1, \ldots, \alpha_m$, so that $\tau_i(j) = l$ iff
$p_i(q_j(y)) = q_l(y)$. Thus Algorithm 4.2 returns the set $\{\tau_i\}$ which form the Galois group of
$f(x)$ over $K$.

The running time analysis breaks up into two parts, just as the proof of correctness
did. First we consider the time needed for Steps 1-4, which calculates $\beta_i$ and $g_i(y)$. Let
$n_i = [K(\alpha_1, \ldots, \alpha_i) : K]$, and $d_i = [K(\alpha_1, \ldots, \alpha_i) : K(\alpha_1, \ldots, \alpha_{i-1})]$. We first bound the
size of $g_i(y)$. The roots of $g_i(y)$ are conjugates over $K$ of $\alpha_1 + c_2\alpha_2 + \cdots + c_i\alpha_i$, where
$c_i \in Z$. By Lemma 1.6 $|c_i| < (d_i n_{i-1})^2 = n_i^2$. Then

$$|\alpha_1 + c_2\alpha_2 + \cdots + c_i\alpha_i| < |\alpha|(1 + c_2 + \cdots + c_i)$$

$$< |\alpha|\, i\, |c_i|, \text{ since } c_j < c_i \text{ for } j < i$$

If fc(x) is the minimal polynomial for over Q, \k(x)\ < (2|flJ) m . Then 

IftMl < (2Hn, 3 )«. 3 (2pl)m 3 
by Weinberger and Rothschild [Theorem 1.3.] We further conclude that 

1"(*M/«M)/kM*- Cy M < (2Hn 3 +i r +1 (2|[*ir. 

Let $D_i$ be the time needed by Algorithm 4.2 on the $i$th iteration. Then $T_i = D_i + D_{i-1} + \cdots + D_1$.
We claim $D_i < 3(n_{i+1} l)^{9+\epsilon}(n_{i+1} \log n_i |f(x)| + l^3 \log |\theta|)^{2+\epsilon}$. This is
because Steps 2-4 are dominated by the time it takes to factor $N_{(K[y]/g(y))/K}(f(x - cy))$
over $K$. By Proposition 2.1, the claim follows. Then

Ti < 3(rm.i0 9+< (ni+ito8«il/(*)l + / 3 log|^l) 2 + e 

+ zW+'im io gni -ilf(x)l + / 3 log iq)*+* + . . . 

. . . + 3(m/)»+«(ni log ml/(x)l + / 3 log pj) 2 + e . 
The time required by Algorithm 4.2 in Steps 2-4 is bounded by
$O((|G| l)^{9+\epsilon}(|G| \log |G| |f(x)| + l^3 \log |\theta|)^{2+\epsilon})$.

Since $|f(x)|$ and $|g(y)|$ are both smaller than $|N_{(K[y]/g(y))/K}(f(x - cy))|$, Steps 5 and
6 do not add to the time bound established for Steps 1-4. Similarly the computations
of Steps 7 and 8, being straightforward divisions of polynomials ($n|G|$ of them), do not
increase the running time of Algorithm 4.2. Consequently Algorithm 4.2 computes $g(y)$ and
$\{\tau_i \mid i = 1, \ldots, n\}$ in $O((|G| l)^{9+\epsilon}(|G| \log |G| |f(x)| + l^3 \log |\theta|)^{2+\epsilon})$ steps. ∎

5. How it Fits Together 

Let $f(x) \in Z[x]$ be monic and irreducible, with roots $\alpha_1, \ldots, \alpha_m$. We have shown how
to compute field extensions $Q(\beta_i)$, $i = 1, \ldots, r + 1$, such that $Q(\beta_{r+1}) = Q$, and $Q(\beta_1) = Q(\alpha)$,
and for $j = 1, \ldots, r$, the Galois group of $Q(\beta_j)$ over $Q(\beta_{j+1})$ acts primitively on the
conjugates of $\beta_j$ over $Q(\beta_{j+1})$ [Algorithm 4.1]. We have shown that if $f(x)$ is a monic,
irreducible polynomial in $O_K[x]$, where $K = Q(\theta)$ is an algebraic number field, then we can
compute the Galois group of $f(x)$ over $K[x]$ in time polynomial in the size of the Galois
group, $|f(x)|$ and $|\theta|$. We know that primitive solvable groups are small. How does it all
fit together?

Quite simply. We call FIELDS on f(x) to determine a tower of fields each one of which 
has the Galois group acting primitively on the roots of the polynomial which generates it 
from the field below. We call GALOIS for each one of these extensions. We call GALOIS with 
a clock. Let ft(j/) be the polynomial described in FIELDS, and suppose the degree of ft(y) 
is $n_i$. By construction the extension $Q[x]/h_{i-1}(x)$ over $Q[x]/h_i(x)$ has Galois group which
acts primitively on the roots of $g_{i-1}(y)$. By Theorem 4.4, if this group is solvable, then
its order must be less than 2A~ l/3 nfl\. For each t, i = 1, ...,r, we call GALOIS on input 
$g_{i-1}(y)$, $Q[x]/h_i(x)$. We allow this procedure to run for
(a constanQn^degreeihiiytf+'in*™ log nilgi-M] + {degree{h x {x)f\og HMx)!) 2+e 
= ki steps, the time needed by GALOIS to determine a Galois group of order less than 
24 — x l z nfl\. If the procedure fails to return a Galois group in that amount of time, we 
know that the Galois group of $g_{i-1}(y)$ over $Q[x]/h_i(x)$ is not solvable, and hence neither
is $f(x)$ solvable over $Q$. If a group is returned, we call any of the standard algorithms
for testing solvability of a group [Sims],[FHL]. Since the order of the group is polynomial
size in $n_{i-1}$, these algorithms can check solvability of the group in polynomial time. Let
SOLVABLEGP be the reader's favorite algorithm for testing if a given group is solvable. We
assume that the input to SOLVABLEGP is a set $\{\tau_i \mid i = 1, \ldots, n\}$ which forms the Galois
group for $g_{i-1}(y)$ over $Q[x]/h_i(x)$. Then SOLVABLEGP returns "yes" if the group is solvable,
and "no" otherwise.

Algorithm 4.3 SOLVABILITY

input: $f(x) \in Z[x]$, monic irreducible of degree $m$

Step 1: Call BLOCKS($f(x)$)

Step 2: For $i = 1, \ldots, r$, do:

For $(\mathrm{degree}(g_{i-1}(y)))\, k_i$ steps, do:

Step 3: If no return, return $f(x)$ "IS NOT SOLVABLE BY RADICALS"
Else call SOLVABLEGP $\{\tau_i\}$
If SOLVABLEGP $\{\tau_i\}$ = "no", return $f(x)$ "IS NOT SOLVABLE BY RADICALS"

Step 4: return $f(x)$ "IS SOLVABLE BY RADICALS"

return: $f(x)$ IS SOLVABLE BY RADICALS if $f(x)$ is solvable by radicals,
$f(x)$ IS NOT SOLVABLE BY RADICALS otherwise
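
The thesis leaves SOLVABLEGP to the reader and only fixes its interface: the input is the complete list of group elements and the answer is "yes" or "no". The following is an added example, not code from the thesis, that fills that slot with the derived-series test; representing each permutation as a tuple on 0..n-1 and the helper names are assumptions of this sketch.

```python
def compose(p, q):
    """Permutation 'apply q, then p'; permutations are tuples on 0..n-1."""
    return tuple(p[q[i]] for i in range(len(q)))


def inverse(p):
    inv = [0] * len(p)
    for i, image in enumerate(p):
        inv[image] = i
    return tuple(inv)


def closure(generators, degree):
    """Every element of the group generated by `generators`."""
    identity = tuple(range(degree))
    elements = {identity}
    frontier = [identity]
    while frontier:
        new = []
        for g in frontier:
            for s in generators:
                h = compose(s, g)
                if h not in elements:
                    elements.add(h)
                    new.append(h)
        frontier = new
    return elements


def derived_subgroup(group, degree):
    """Subgroup generated by all commutators a b a^-1 b^-1."""
    commutators = {
        compose(compose(a, b), compose(inverse(a), inverse(b)))
        for a in group
        for b in group
    }
    return closure(commutators, degree)


def solvablegp(group):
    """Return "yes" if the derived series of `group` reaches the identity, else "no"."""
    current = set(group)
    degree = len(next(iter(current)))
    while len(current) > 1:
        derived = derived_subgroup(current, degree)
        if len(derived) == len(current):  # perfect subgroup: the series is stuck
            return "no"
        current = derived
    return "yes"


# Constructed sample inputs: full element lists, the form SOLVABLEGP is handed.
S4 = closure([(1, 0, 2, 3), (1, 2, 3, 0)], 4)        # order 24
A5 = closure([(1, 2, 0, 3, 4), (1, 2, 3, 4, 0)], 5)  # order 60
S5 = closure([(1, 0, 2, 3, 4), (1, 2, 3, 4, 0)], 5)  # order 120

if __name__ == "__main__":
    for name, grp in (("S4", S4), ("A5", A5), ("S5", S5)):
        print(name, len(grp), solvablegp(grp))
```

Forming every commutator costs on the order of the square of the group order, which stays polynomial here only because the clock in Step 2 has already capped that order.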

We conclude with the main result of this thesis: 

Theorem 4.6: Let $f(x) \in Z[x]$ be monic and irreducible of degree $m$ over $Q$. Then
Algorithm 4.2 determines whether the roots of $f(x)$ are expressible in radicals in time
polynomial in $m$ and $\log |f(x)|$.

Chapter V

Expressibility 



1. Background 

We recall: 

The Fundamental Theorem on Equations Solvable by Radicals: 

(1) If one root of an irreducible equation f(x) over a field K can be represented in the 
form: 

yVp+'yfr. (*) 

then the Galois group of $f(x)$ over $K$ is solvable.

(2) Conversely, if the Galois group of $f(x)$ over $K$ is solvable, then all roots can be
represented by expressions of the form (*) in such a way that in the successive adjunctions
of $\sqrt[n]{a}$, the exponents are prime numbers, and the equations $x^n - a$ are irreducible each
time.

For the first four chapters of this thesis, we were concerned with the problem of deter- 
mining solvability of an irreducible polynomial over the rationals. If f(x) is an irreducible 
solvable polynomial over the rationals, it would be most pleasing to find an expression in 
radicals for the roots of f(x). In this chapter we exhibit a straight line program which does 
so in polynomial time. Classical results are presented in §1, and a discussion on bounds 
appears in §2. The straight line program is presented in the final section of this chapter. 

Let $K$ be an algebraic number field which contains the $n$th roots of unity. Then $K(\sqrt[n]{a})$
is a Galois extension of $K$, and the map $\sqrt[n]{a} \mapsto \zeta_n \sqrt[n]{a}$, where $\zeta_n$ is a primitive $n$th root of
unity, generates the Galois group of $K(\sqrt[n]{a})$ over $K$, which is cyclic of order $n$. If $K(\alpha)$ is
a Galois extension of $K$ with cyclic Galois group, we say $K(\alpha)$ is a cyclic extension of $K$.
If $K(\alpha)$ is cyclic of order $n$, we claim that $K(\alpha) = K(\sqrt[n]{a})$ for some $a$ in $K$. Let $\sigma$ be a
generator of the Galois group of $K(\alpha)$ over $K$, and let $\zeta$ be a primitive $n$th root of unity.
For each element $\gamma$ in $K(\alpha)$ we can form the Lagrange resolvent

The Lagrange resolvent is a $K$-linear map from $K(\alpha)$ onto itself, and can be thought of as
a matrix. Then $(\zeta, \gamma) = 0$ iff $\gamma$ is in the null space of this matrix. The following theorem
shows that the Lagrange resolvent does not act trivially on $K(\alpha)$.

Theorem 5.1 [E. Artin]: The elements of the Galois group of $K(\alpha)$ over $K$ are linearly
independent over $K$.

proof: It is clear that if $a\sigma(x) = 0$ for $x \neq 0$, then $a = 0$. Suppose there is a relation

$$a_1\sigma_1(x) + a_2\sigma_2(x) + \cdots + a_m\sigma_m(x) = 0 \qquad (1)$$

with none of the $a_i = 0$. Let $m$ be chosen as small as possible. Then we know $m \geq 2$.
Since $\sigma_1$ and $\sigma_2$ are distinct, there is a $b$ in $K$ such that $\sigma_1(b) \neq \sigma_2(b)$. (Note that this
means $\sigma_1(b) \neq 0$.) We have

$$a_1\sigma_1(bx) + a_2\sigma_2(bx) + \cdots + a_m\sigma_m(bx) = 0 \qquad (2)$$

which implies

$$a_1\sigma_1(x)\sigma_1(b) + a_2\sigma_2(x)\sigma_2(b) + \cdots + a_m\sigma_m(x)\sigma_m(b) = 0. \qquad (3)$$

We divide equation (3) by $\sigma_1(b)$, and subtract it from equation (1). The first term cancels,
and we obtain:

Because the first term in equation (4) is not zero, this is a relation of shorter length than
equation (1), which was chosen to be minimal. Thus it must be the case that $\sigma_1, \ldots, \sigma_n$ are
linearly independent over $K$. ∎

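Now let $\gamma \in K(\alpha)$ be such that $(\zeta, \gamma) \neq 0$, and consider

$$\sigma(\zeta, \gamma) = \sigma(\gamma) + \zeta\sigma^2(\gamma) + \cdots + \zeta^{n-1}\sigma^n(\gamma)$$

$$= \zeta^{-1}(\zeta\sigma(\gamma) + \zeta^2\sigma^2(\gamma) + \cdots + \gamma) \qquad (**)$$

$$= \zeta^{-1}(\zeta, \gamma).$$

This means that $(\zeta, \gamma)^n$ is fixed by $\sigma$, and thus that $(\zeta, \gamma)^n$ is in $K$. But we also know
from (**) that $\sigma^k(\zeta, \gamma) = \zeta^{-k}(\zeta, \gamma)$, which means that the only element of the Galois group
which fixes $(\zeta, \gamma)$ is the identity. If we let $a = (\zeta, \gamma)^n$, we conclude that $K(\alpha) = K(\sqrt[n]{a})$.
We have shown: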

Theorem 5.2: Every cyclic field of $n$th degree over an algebraic number field can be
generated by an adjunction of an $n$th root provided that the $n$th roots of unity lie in the
base field.
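
A numerical check of the argument behind Theorem 5.2, as an added example that is not part of the thesis. It uses the usual definition $(\zeta, \gamma) = \gamma + \zeta\sigma(\gamma) + \cdots + \zeta^{n-1}\sigma^{n-1}(\gamma)$, which is what equation (**) expands; the cubic $x^3 - 3x + 1$, the map $\sigma(t) = t^2 - 2$ on its roots and all function names are choices made for this sketch.

```python
import cmath
import math


def lagrange_resolvent(zeta, orbit):
    """(zeta, gamma) = sum_k zeta^k * sigma^k(gamma), with orbit[k] = sigma^k(gamma)."""
    return sum(zeta ** k * value for k, value in enumerate(orbit))


def sigma(t):
    """A generator of the Galois group of x^3 - 3x + 1, acting on its roots."""
    return t * t - 2


def cyclic_cubic_demo():
    n = 3
    zeta = cmath.exp(2j * math.pi / n)       # primitive cube root of unity
    alpha = 2 * math.cos(2 * math.pi / 9)    # a root of x^3 - 3x + 1
    orbit = [alpha, sigma(alpha), sigma(sigma(alpha))]

    resolvent = lagrange_resolvent(zeta, orbit)
    # sigma fixes zeta and shifts the orbit by one place.
    sigma_of_resolvent = lagrange_resolvent(zeta, orbit[1:] + orbit[:1])

    a = resolvent ** n                       # fixed by sigma, so it lies in K = Q(zeta)
    radical = a ** (1 / n)                   # principal cube root of a

    # For this cubic the roots sum to 0 and (zeta, alpha) * (zeta^2, alpha) = 9,
    # so 3 * alpha = (zeta, alpha) + (zeta^2, alpha) = radical + 9 / radical.
    alpha_from_radical = (radical + 9 / radical) / 3
    return {
        "zeta": zeta,
        "alpha": alpha,
        "resolvent": resolvent,
        "sigma_of_resolvent": sigma_of_resolvent,
        "a": a,
        "alpha_from_radical": alpha_from_radical,
    }


if __name__ == "__main__":
    for key, value in cyclic_cubic_demo().items():
        print(f"{key:20s} {value}")
```

Here $a = 27\zeta$, so over $K = Q(\zeta)$ the field generated by the root is $K(\sqrt[3]{27\zeta})$, and the last line of the function recovers the root from that single radical.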

The method we use to express $\alpha$ as radicals over $Q$ relies on the effective proof of
Theorem 5.2. Clearly roots of unity play a special role in the question of expressibility, and 
we show: 

Lemma 5.3: The p th roots of unity, p a prime, are expressible as "irreducible radicals" 
over K. 

proof: We do this by induction on $p$. If $p = 2$, the roots of unity are $\pm 1$, and there
is nothing to show. Suppose we have shown the lemma to be true for all primes less than
$p$. Now the field with the $p$th roots of unity is cyclic of order $p - 1 = p_1^{i_1} \cdots p_k^{i_k}$ over $K$.
We adjoin to $K$ the $p_1$th, $\ldots$, $p_k$th roots of unity which by induction we have assumed to be
expressible as radicals over $K$. Then Theorem 5.2 applies. ∎

2. Bounds 

We assume $f(x)$ is an irreducible solvable polynomial of degree $m$ over the rationals,
and we let $\alpha$ be a root of $f(x)$. In Chapter IV we presented an algorithm which found a
tower of fields $Q(\beta_i)$, $i = 1, \ldots, r$, where $Q \subset Q(\beta_r) \subset \cdots \subset Q(\beta_1) \subset Q(\alpha)$, and the Galois
group of $Q(\beta_i)$ over $Q(\beta_{i+1})$ acts primitively on the roots of the minimal polynomial of $\beta_i$
over $Q(\beta_{i+1})$. We also described a polynomial time algorithm to find the fields $Q(\gamma_i)$, $i = 1, \ldots, r$,
where $Q(\gamma_i)$ is the splitting field for $Q(\beta_i)$ over $Q(\beta_{i+1})$. (See Figure 4.2.) In light
of Theorem 5.2, we find it necessary to first adjoin to $Q$ the $l$th roots of unity, where
$l = [Q(\gamma_r) : Q]$. We claim that there is a straight line program which expresses $\zeta_l$, a primitive
$l$th root of unity, in radicals in polynomial time. The proof is similar to that for expressing
$\beta_i$ as radicals in polynomial time, and we begin by proving the bound for the $\beta_i$'s. We
find elements ^ such that Q(J3 t ) = Q{u,Pi)- In order to prove that we can express P { by 
a straight line program in polynomial time, we must first obtain bounds on |ffi(i)l and 
HMy)l, the minimal polynomials for \ over Q{P i+l ) and for ^ over Q{Pi) respectively. 
The bounds we present are not best possible; they are simplified for the sake of readability. 

Lemma 5.4: If -hi(x) is the minimal polynomial for fa over Q, then \hi(x)\ < \f{x)\ 

12 
If g^x) is the minimal polynomial for $ i over Q[Pi+i), then fl<7»(x)l < |/(z)| 

proof: Because the Galois group of f(x) is solvable, each extension [Q(7i) : Q(Pi+i)\ < 
m? - 25 , where [Q(ft) : Q{p i+X )\ = m*. Since [Q{a) : Q] = J\ m< = m, we have / = \Q{ lr ) : 
Q] < m 3 - 25 . Now Q{p i+ x) = Q[x]/h %+t [x) implies that Q0 % +i) = Q\x,y]l{h t+ x{x),z{y)) 
where z(y) is an irreducible factor of the cyclotomic polynomial i' —1 + * l ~ l +••• + ! over 
Q[x]/h i+l {x). By Weinberger and Rothschild [Theorem 1.3], flz(y)J < m t \\h i+1 {x)\ m * . 

The roots of hi+i{x) are symmetric functions in a block of roots of f{x), which means 
that |/ii+i(i)| < |/(i)| m . Thus lz(y)j < mi\\f{x)\ mm *. We can now use Proposition 2.2 to 
determine a primitive element ~P i+i over Q; if ^4-1(1) is the minimal polynomial for P i+l 
over Q, then 

\h t+1 ( X )\ < (mimi/wr'i/iin^ 
< i/wr'. 

Now ffj(j/) will be a factor of <?j(y), the polynomial described in Algorithm 4.3. Since ft(y) 
is an irreducible factor of hi{y), we have 

My)} < m!|M!/)rifci+i(*)f ' 

< m!|/(x)r T (|/(x)rV J 

< i/wr'. 
This implies that 

i*+i(v)i < mid/wr'r'MC' 

< rn\\f(x)\ mll \f(x)\ m ° 

< \mr im - 

(We remind the reader that the bounds obtained are not best possible.) ∎

Lemma 5.5: If fct(x) is the minimal polynomial for % over Q{Pi+i), then |fci(x)| < 

i/wr'. 

proof: If fcj(x) is the minimal polynomial for 7i over Q(Pi+i), then the roots of fci(x) 
are the conjugates of 

Pi + c 2 6 2 + • • • + c t B t 

over <2(/?i_|_i), where 9 2 , ...,6 t are the conjugates of ft over Q(ft +1 ), and the Cj's are integers 
less than m 3 . Then by Weinberger and Rothschild [Theorem 1.3], 

IM*)1 < (m 7 |/(x)| m >|/(x)r 5 

< i/c*)r T . 

Since fci(x) is an irreducible factor of fcj(x) over <2(/J»+i), we obtain 

fc(x)l < mld^CxJD-l^^^xjr 2 

< mii/wr'd/txry"- 

< i/wr'. 



In order to write straight line code to express $\alpha$ as radicals over $Q$, it suffices to present
straight line code for expressing $\beta_i$ as radicals over $Q(\beta_{i+1})$. If we can solve the latter
problem in time polynomial in $m$ and $\log |f(x)|$, then the former can also be solved in
polynomial time, since there are at most $\log m$ fields between $Q$ and $Q(\alpha)$.

Suppose that $H$ is the Galois group for $Q(\gamma_i)$ over $Q(\beta_{i+1})$, and that $H$ is solvable.
In polynomial time we can find a set of subgroups of $H$ which satisfy $\{e\} = H_0 \subset H_1 \subset
\cdots \subset H_r = H$, where $H_k$ is normal in $H_{k+1}$, and $H_{k+1}/H_k$ is of prime order [Sims],[FHL].
We let

$$j_k(x) = \prod_{\sigma \in H_k} \sigma(x - \gamma_i);$$

then $Q(\beta_{i+1})[x]/j_k(x)$ is the subfield of $Q(\gamma_i)$ corresponding to $H_k$. Since we can compute
the $H_k$'s in polynomial time, we can also compute polynomials $j_k(x)$ in polynomial time.
We can find a primitive element $\theta_k$ for the field $Q(\beta_{i+1})[x]/j_k(x)$ in polynomial time. We
do this using Proposition 2.2. If j k (x) = x l + bi—ix 1-1 + . . . + b , the 6,'s are symmetric 
functions in conjugates of % and [fr,] < fl^y* 3 < (l/(s)| mT ) m3 = |/(z)| ml0 . We let 
9 k = 6 -j- cibi + • • • + cj_ifej_i, Ci G Z, be a primitive element by using Proposition 2.2 

10 ~ 

in the usual way. Then p k j < (m 7 |/(i)| m ), and if j k {x) is the minimal polynomial for 
9 k over Q, 

&(*)! < (m T |/(x)r ,0 r' 

„14 

<l/(x)| m • 

If we let i k (x) be the minimal polynomial for O k over Q{9 k —i), then since i k [x) is a factor 
of jk[x), we have: 

P*(»)l < (m 3 )!(l3 t (x)l)- 3 "(^(J)!)- 8 ' 

< i/wr". 

We conclude: 

Lemma 5.6: Let j k {x) be the minimal polynomial for 9 k over <?. Then \j k {x)\ < 
|/(x)| mM .If tfc(i) is the minimal polynomial for 9 k over Q{0 k -i)> then ¥k(x)l < |/(i)| m "- 



3. A Straight Line Program 

We have determined primitive elements $\theta_k$ such that $Q(\gamma_i)$ is a cyclic extension of $Q(\theta_r)$,
$Q(\theta_{j+1})$ is a cyclic extension of $Q(\theta_j)$, and $Q(\theta_1)$ is a cyclic extension of $Q(\beta_{i+1})$. (For the
sake of simplicity, let $\theta_0 = \beta_{i+1}$.) Denote $[Q(\theta_i) : Q(\theta_{i-1})]$ by $d_i$.

Figure 5.1: The Cyclic Extensions Between $Q(\beta_{i+1})$ and $Q(\gamma_i)$

We inductively express rfi, . . ., ri T+ i such that Q{0j, ty) = Q(9j +x ), and r} } = {/pj(9j) } 
where p,(i) G Q[x]. To do this it is necessary to also construct qj(x,y) G Q[z>y]i J = 
0,..., s, where Oj+i = q } (\/Pj(9j),9j). Once we have shown how to construct pj(x) and 
<j 3 (x, y) in size polynomial in m and log |/(z)|, we will be done showing that how to express 
a over Q($) in a straight line program in polynomial time. Finally ft will be expressed in a 
similar way. 

We proceed by induction, beginning with rj X . Consider the Lagrange resolvent of Q(0 X ) 
over Q0 i+i ), and let k x be in Q(9i) — the null space of Q0 i+X ). (Observe that k x can be 
found in polynomial time.) If k x = r x (9 x ), then 

Iri(*)l < i(dil9tl)*f* = (dim) 4 * 

[Edm.] Let r\ x = (f,«i) dl - By the proof of Theorem 5.2, rj x G Q{Pi+i) — Q(h), and 
Q{9 X ) = Q{$Q, d ^/r\{). Let p x (x) G Q[x] be such that p x (9 ) = r\ x . We want to show that 
Pi(x) has polynomial size coefficients. 

Since r\ x is small in absolute value, its minimal polynomial over Q has polynomial size 
coefficients. This polynomial factors over Q(9q). Since x — ij x = x — p x {9o) is a factor, and 
we conclude by Weinberger and Rothschild [Theorem 1.3] that p x (x) has polynomial size 
coefficients. We repeat this with actual, though not best possible bounds. 
We chose $\eta_1 = (\zeta, \kappa_1)^{d_1}$. This means that



M = ff(f.«i)l dl 

< (difM) dl 

< (d 2 dhf>) dl 



< Wif 1 - 



By Lemma 5.6, |} (i)| < |/(x)| m > and IM < !/(*)!"* • B Y a rou S h approximation using 
Weinberger and Rothschild, we find 



m 2e d* 



IPiWI < \fi*)\ 

Next we determine and bound qi{x,y). Our argument is that the minimal polynomial 
for 9% over Q is of bounded size (Lemma 5.6), and thus its factors over Q[0q) are also 
bounded. We find an integer c t such that i^i = O + Ci v^T is a primitive element for Q(#i) 
over Q. Then v\ has a minimal polynomial over Q which is of bounded size. This means 
that the polynomial ti(i) € Q[i] such that $1 = ti(vi) has polynomial size coefficients. 
Furthermore the polynomial qi{x,y) G Q[x,y] such that 0\ = qi( l/rfi,8i) = t t (y -f Cii) 
also has polynomial size coefficients. 

For the inductive step it suffices to replace by i, and 1 by i -f 1, because all of our 
bounds are a priori established by Lemmas 5.4-5.6. The crucial fact to observe is that each 
of the polynomials pi(x) and qi(x, y) are determined in sequence from the Oi'a, whose length 
of description is polynomially bounded. 

One step remains. We must show that if \ = Ufa), with li(x) € Q[x], then the 
coefficients of li[x) are polynomial in size. This follows immediately since the minimal 
polynomials for \ and \ over QiPi+x) are polynomial in size. We have shown: 

Theorem 5.7: There exists a polynomial time straight line program to express $\alpha$, a root
of a solvable irreducible polynomial over $Q$, in terms of radicals.

We have not yet shown how to express the $l$th roots of unity as radicals over $Q$, but
Lemma 5.3 is effective. We observe that in order to express the $l$th roots of unity as radicals
over $Q$, we need to have the $p_i$th roots of unity expressed as radicals, where $p_i$ is a prime
divisor of $\varphi(l)$. Of course, this requires that $q_j$th roots of unity are expressed as radicals,
where $q_j$ is a prime divisor of $p_i - 1$. This inductive construction requires no more than
$\log l$ steps. Therefore we conclude that $\zeta_l$ can be expressed as radicals over $Q$ in a field of
degree no greater than $l^{\log l}$ over $Q$.

It would be much more pleasing to express $\alpha$ in polynomial time in the form:



^1±V5 + -^— 



rather than what we have proposed here. However, the following theorem suggests that this
may not be possible, at least for roots of unity.

Theorem 5.8 [Shapiro]: Let $C(x)$ be such that $\varphi^{C(x)}(x) = 2$ for $x > 2$. Then
$2^{C(x)} < x \leq 2 \cdot 3^{C(x)}$.

Shapiro's function $C(x)$ is the number of field extensions we need to write $\varphi(x)$ as
radicals over $Q$. Then $C(x) = O(\log x)$. The field which contains $\zeta_l$ expressed in radicals
will be of degree $l^{\log l}$ over $Q$, so there is little hope that the actual radical expression for $\zeta_l$
will be polynomial in size. This indicates that Theorem 5.7 may be the best we can do.

Questions, Conclusions, and More Questions



If now you give us a polynomial which you have chosen at your pleasure, and if you 
want to know if it is or is not solvable by radicals, we have the techniques to answer that 
question in polynomial time. We have transformed Galois' exponential time methods into 
a polynomial time algorithm. Furthermore, if the polynomial is solvable by radicals, we 
can express the roots in radicals using a suitable encoding. We have provided a polynomial 
time algorithm for the motivating problem of Galois Theory; we leave unresolved many 
interesting questions. 

In light of the running times presented in Chapter IV, we hesitate to claim practicality 
for our polynomial time algorithm. This suggests the following set of questions: 

1) All of our running times are based on the time needed by the $L^3$ algorithm for
factoring polynomials over the integers. Can the present time bound be improved? 

2) Can the running time for factoring polynomials over algebraic number fields (Algorithm 
2.1) be improved? 

3) In Chapter III we presented an algorithm which determines a minimal block of
imprimitivity of the Galois group of the irreducible polynomial f(x) over the field K. Is there 
a faster algorithm than Algorithm 3.1 for determining the minimal blocks of imprimitivity? 
We conjecture that any algorithm that determines minimal blocks of imprimitivity must 
factor f(x) over K[x]/f(x); we would like to see a proof of this. 

The divide-and-conquer technique we used to determine solvability has the surprising 
characteristic that it answers that question without even determining the order of the group. 
We ask: 

4) Is there a polynomial time algorithm to determine 

a) the order of the Galois group 

b) a set of generators for the Galois group, 
in the case of a solvable Galois group? 

The real buried treasure would be a polynomial time algorithm for determining the 
Galois group, regardless of solvability. A polynomial of degree $n$ may have a Galois group
as large as $S_n$, but a set of generators will be polynomial in size. We see no immediate
way that a divide-and-conquer approach might solve this problem, but we do observe that
some characteristics of the Galois group may be inferred without actually determining the
group. For example, the Galois group of an irreducible polynomial $f(x)$ of degree $n$ over
the rationals is contained in $A_n$, the alternating group of order $n$, iff $\mathrm{disc}(f(x))$ is a square
in $Q$ [Lang, pp. 199-200]. This means that the Galois group of an irreducible polynomial of
degree 3 over $Q$ may be found by simply calculating the discriminant. Various tricks and
methods have been used to determine the Galois group of polynomials over $Q$ of degree less
than 10 [Mc], [St], [Za2], but until the recent results concerning polynomial factorization
there was no feasible way to compute the Galois group of a general polynomial of large
degree. It would be most exciting if a polynomial time algorithm were found for computing 
the Galois group. We offer no insights on this problem short of the results presented in this 
thesis, but we hope for, and would be delighted by, its solution. 
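
The degree 3 case mentioned above, worked through as an added example that is not part of the thesis: for a monic integer cubic, irreducibility over $Q$ reduces to the absence of an integer root, and the discriminant then separates $A_3$ from $S_3$. The function names and the sample polynomials are choices made for this sketch.

```python
from math import isqrt


def cubic_discriminant(a, b, c):
    """Discriminant of x^3 + a*x^2 + b*x + c."""
    return a * a * b * b - 4 * b ** 3 - 4 * a ** 3 * c - 27 * c * c + 18 * a * b * c


def has_integer_root(a, b, c):
    """A monic integer cubic is reducible over Q iff it has an integer root,
    and any such root divides the constant term."""
    if c == 0:
        return True
    for d in range(1, abs(c) + 1):
        if c % d == 0:
            for r in (d, -d):
                if r ** 3 + a * r * r + b * r + c == 0:
                    return True
    return False


def is_square(n):
    """For an integer n, being a square in Q is the same as being a square in Z."""
    return n >= 0 and isqrt(n) ** 2 == n


def cubic_galois_group(a, b, c):
    """Galois group over Q of the irreducible cubic x^3 + a*x^2 + b*x + c."""
    if has_integer_root(a, b, c):
        raise ValueError("polynomial is reducible over Q")
    return "A3" if is_square(cubic_discriminant(a, b, c)) else "S3"


if __name__ == "__main__":
    # Constructed sample inputs: (a, b, c) for x^3 + a*x^2 + b*x + c.
    for coeffs in ((0, -3, 1), (0, 0, -2), (1, -2, -1), (0, -1, -1)):
        print(coeffs, cubic_discriminant(*coeffs), cubic_galois_group(*coeffs))
```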
Appendix 



Suppose $\alpha$ satisfies an irreducible polynomial $g(t)$ of degree $m$ over $Q$; then $1, \alpha, \ldots, \alpha^{m-1}$
form a basis for $Q(\alpha)$ over $Q$. Recall the matrix $(b_{ij})$ defined by:



/3 — a u -{■ a i2 a + . . . -\- a im a m x 
/3a = a 2 i + 122" + • • • + a2 m a m ~ 1 



/3a m * = a ml + a m2 a + • • • + «m TO a" 



for fi G Q(a). We define the trace of /?, Tr(/3), to be E &«• Note that this definition is 

independent of the choice of basis for Q{a) over Q. Observe also that TTQ( a )/Q{P + 7) — 
Tr «(«)/e(^) + Tr «(c)/«(7)- We are now ready to prove: 

Proposition 1.2: Let $\alpha$ be an algebraic integer satisfying $g(t)$, a monic irreducible
polynomial over $Z$. Then the ring of algebraic integers of $Q(\alpha)$ is contained in $(1/d)Z[\alpha]$,
where

$$d \mid \mathrm{disc}(g(t)) = \prod (\alpha_i - \alpha_j)^2$$

proof: Let deg(«?(t)) = m; then 1, a, . . ., a m_1 are a basis for Q{a) over Q. Furthermore 
1, a, . . ., a m ~ i are all algebraic integers. Assume f(x) = (x — a){x m ~ i + /9 m _ 2 a: m— 2 + 
... -f ^o) in Q{a)[x], and let w, = y^j for t = 0, .. ., m — 1, with /3 m -i = 1. We claim 
Trfywy) = *,-. 

Let 

M^ = (E-^ L 7^t)-^ i = f ...,m-l. 
We claim ai, - . ., a m , are the roots of h } {x). Observe that 



/'w= En (*-«')• 
Then 

f'(a t ) = J[(a i -a l ). 

Since (J— I) f'Ui l ha) ~ *> we are done. But this means that hj(ati) = 0, for i = 1, . . ., m. 
Because hj(x) is a polynomial of degree less than m, it must be the case that hj(x) is 
identically zero. That is to say, 

That Tr( j^-t) — x 3 follows immediately, since the polynomials — ^- ,, , * ' * 

v i — aif'iaiY x — a x f'(a% ? 

are all conjugate, and the trace is additive. Then Tr( fl t x*— — r J = x 3 if t = j, and 

V J\pti)J 

otherwise. Thus Tt\ -J^-i-a 3 ] == £,. 
V/'(«i) ) 

Let d j£ be such that d ,, . is an algebraic integer. Let 7 = o + ait* + • • • + 
o m _io m— 1 £ Q{a) be integral over Q (i.e. satsify an integer monic polynomial over Q.) 
Then dj^i is integral over Q, as is T^( d j^l) = do »- But da % € Q implies da* e Z. 
Therefore 7 € (l/d)Z(a). 

Since ft is an algebraic integer, d is a divisor of /'(a). Then 

/ , w = EII( Q '- a J ) 

= JJ(ofi — a,) since JJ(<*» — ay) = for 1 ^ 1 

This completes the proof. I 